Click the blue text above to select “Set as Star”.
Key information delivered on D1 time!
It is not necessarily a bad thing that companies are increasingly using IoT devices in their operations. They help improve employee efficiency, optimize limited resources, and even automate tedious and mundane tasks. However, the benefits they bring do not eliminate the risks posed by IoT devices to businesses.
Misconceptions about IoT Security
As companies strengthen security across all aspects of their operations, personnel remain the weakest link, and they easily overlook the security of IoT networks because they are technology-based. However, using remote tools and devices that can perform tasks better instead of physical tasks is not always a perfect solution.
Companies typically adopt some IoT devices, such as deploying more IoT facilities in offices, which means there are more locks, keys, and security cameras to check. Although these devices are designed to support cybersecurity, such as laptops, tablets, and desktop devices, IoT devices are not secure, and businesses cannot rely on the security features provided by IoT manufacturers, which require more changes.
In recent years, 70% of organizations and institutions worldwide have suffered IoT-based cyberattacks, with a typical security incident being a casino’s database being hacked through its fish tank thermometer. This is not a case of using complex technical secrets to access a network. The method is relatively simple, as the thermometer is an IoT device connected to the internet and the casino’s internal network.
In addition to negligence that often makes IoT devices vulnerable to cyberattacks, they are typically designed to enhance productivity and convenience during production, without considering security first.
01
Limited Computing Power
Most IoT devices can perform only a limited number of tasks. Since the tasks are usually very simple and do not require a lot of computing power, manufacturers do not specifically enhance the capacity of their devices to keep prices reasonable. However, proper security measures often require sufficient computing power to be effective.
02
Outdated Operating Systems and Lack of Updates
Since the functions required by IoT devices do not change over time, most IoT device manufacturers do not continuously send operating system updates to the devices. This makes them susceptible to various cyberattacks.
03
Poor Physical Security
If cyber attackers can access IoT devices, they can directly access the networks they are on. Unlike laptops and tablets that carry sensitive documents and data, IoT devices are often not well-protected and are installed in remote areas with long periods of no supervision. The lack of physical security measures makes devices highly susceptible to tampering and allows for malware or spyware installation directly through their ports.
04
Insecure Communication Protocols
Most IoT devices do not use secure communication protocols when transmitting data between the device itself, cloud computing services, and the company’s main network. For example, some man-in-the-middle (MITM) attacks exploit insecure key exchange practices to intercept and access data during transmission.
How to Protect IoT Devices
Despite the many drawbacks of using IoT devices, it does not necessarily mean they cannot be addressed and overcome. Companies can adopt various methods to protect IoT devices and minimize risks, with varying complexity and importance.
01 Change Passwords
Password logins with multi-factor authentication may seem like an obvious first step, but 47% of IT personnel do not change the default passwords and settings when connecting IoT devices to their internal networks. The same rules applicable to account and device passwords should be used on IoT devices:
-
Change passwords every 30 to 90 days.
-
Use a complex combination of random letters, numbers, and symbols in passwords in different situations.
-
Utilize two-factor or multi-factor authentication.
-
Use a password manager—or completely abandon written passwords for passwordless logins.
-
Avoid sharing passwords among employees through insecure communication channels.
02 Stay Away from the Open Internet
IoT devices can only function when connected to larger networks or devices or cloud platforms. However, it is best to keep IoT devices strictly connected to the company’s internal network rather than the open internet. This is because, according to NETSCOUT’s threat intelligence report, IoT devices are attacked approximately five minutes after being connected to the internet.
03 Be Cautious of Auto-Connect Options
By default, most IoT and smart devices have auto-connect options. This poses a security risk to the average person and may increase the risk of businesses suffering from IoT network attacks.
About two-thirds of global companies found that over 1,000 IoT devices belonging to companies or individuals were connected to their internal networks. Unlike the IoT services released by the company, it cannot be ensured that all these services have undergone the necessary security improvements.
In addition to setting up barriers to prevent unauthorized IoT devices from connecting to the network, monitoring systems should also be considered. Companies can use this to closely monitor the health of all devices and alert them in case of anomalies (such as abnormal data flows).
04 Disable All Unnecessary Features
Most IoT devices come with many default settings enabled to enhance convenience and productivity rather than security. After adding new IoT devices to the network, it is necessary to check their settings and additional features and disable any that are not in use. Any type of data or additional services provided by IoT devices may represent potential security vulnerabilities.
05 Partner with Security-Focused IoT Manufacturers
Software updates for IoT devices are not very frequent. When updates do occur, companies typically focus on improving user interfaces or implementing one or two new features. By sourcing IoT devices only from security-focused manufacturers, it can also ensure regular updates, including security updates and reports on fixed bugs and vulnerabilities.
Copyright Statement: This article is compiled by D1Net. Reprinting requires an indication at the beginning of the article that the source is: D1Net. If not indicated, D1Net reserves the right to pursue legal responsibility.
(Source: D1Net)
If you work in a specific area of enterprise IT, networking, or communications and would like to share your views, you are welcome to submit to D1Net.
Submission Email: [email protected]
Click the blue text to follow
D1net’s Xinzongzhi is an intelligence and resource-sharing platform for CIOs (Chief Information Officers) and is also the largest CIO social platform in China.
Xinzongzhi serves CIOs by providing product reviews, consulting, training, headhunting, and demand matching services. It is also one of the earliest to B sharing economy platforms in China.
At the same time, D1net has jointly established the China Enterprise Digital Alliance with more than half of the information department heads of central enterprises, mainly targeting large enterprises across the country to provide assistance and support in technology, policy, strategy, and tactics for digital transformation.
