The brave new world is here and much of it presents IT security challenges that aren’t for the faint of heart. There will be 75 billion Internet of Things (IoT) connected devices online by 2025. This will impact everything from connected cars, home security, smart speakers, and just about anything else you can create a remote sensor for. While 5G networks, artificial intelligence, and quantum computing are on the horizon, it is the unprecedented growth in IoT devices that should keep CEOs up at night. That’s because IoT devices have become an increasing target for cybercriminals. How can your company protect itself when the threat vector is so widespread?

UNDERSTANDING IOT—AND ITS RISKS

IoT is an umbrella term for connected sensors that use the Internet to transmit data. The use of these devices has exploded in five key categories:

• Consumer IoT such as voice assistants and smart homes.
• Commercial IoT like pacemakers in healthcare and vehicle tracking for industrial fleets.
• Industrial IoT including HVAC digital control systems and smart agriculture.
• Infrastructure IoT used in smart city applications.
• Military IoT such as wearable combat biometric sensors, drones, and surveillance robots.

If your business is using any of these types of tools, data privacy and security will increasingly pose a problem. As devices collect data, store, and share it across platforms and devices, there is a risk that this collected information will place a target on your organization. CISO Magazine broke the news at the beginning of 2020 that criminal exploitation of IoT captured data is an increasing problem. Some of the incidents they reported include:

• Smart security cameras are vulnerable to cybercriminals, from Ring (lawsuit pending) to Google Home hub.
• Smart TVs have several neglected security issues that could allow criminals to listen in on conversations by using the integrated camera and microphone.
• Home or office appliances like smart coffeemakers can be breached as an entry point into your network.
• Even Internet-enabled smart lighting can serve as a tool for violating your security and privacy.

IoT devices were designed for convenience, not security. As a result, everything from implantable cardiac devices in human patients to cars can, and are, being breached and used for nefarious purposes. Businesses and governments are increasingly concerned with security gaps in our critical infrastructures.

The Open Web Application Security Project (OWASP) lists 10 points of vulnerability in IoT devices, including:

1. Weak, guessable, or hardcoded passwords.
2. Insecure network services.
3. Insecure ecosystem interfaces.
4. Lack of security update mechanisms.
5. Insecure, outdated components.
6. Insufficient privacy protection.
7. Insecure data transfer and storage.
8. No device management.
9. Insecure default settings.
10. No physical hardening.

It’s not like the IoT is going away anytime soon. In fact, it’s the opposite: Most businesses now rely upon these tools for external or internal workflows. Worse, many have developed products with some or all of these vulnerabilities baked into the device. As cybercriminals learn new tricks, it increases the risk that your company will be left scrambling to fix a breach after the damage occurred.

There is an alternative: Consult with a team of cybersecurity experts that specialize in helping organizations mitigate IoT security risks. The right team of professionals can offer penetration testing, security monitoring, training, and computer forensics to help your company pinpoint and evaluate cyber threats that are inherent to your specific organization.