The days of “dumb” analog devices are at an end. These days, everything has to be “smart” and a part of the Internet-of-Things (IoT). Digital devices are now designed to connect and communicate with each other and be controllable remotely using smart phones. Enterprises are all jumping on the bandwagon, installing smart lights for their offices and using connected sensors and robots in their factories. Research firm Gartner estimates that will be in use this year. By 2021, the number is expected to reach 25 billion. However, this increasing rate of adoption is only giving rise to more cybersecurity concerns. Given its varied use cases, enterprise IoT can open up some worrisome vectors of attacks that cybercriminals can exploit. 14.2 billion connected devices In its , Bulletproof cited that the popularity of smart appliances has contributed to the growing risks of attacks like data harvesting. IoT security provider FirstPoint also identified that hackers are nowcapable of launching to disrupt IoT devices that rely on such signals to transmit and stream their data. And, even today, security firm Imperva has found that the notorious IoT-reliant Mirai malware is still actively being used to carry out massive . 2019 cybersecurity report cellular connectivity-based attacks distributed denial-of-service (DDoS) attacks Organizations keen on adopting IoT must understand the cybersecurity risks that the technology may bring. This way, they can adjust their respective security strategies to accommodate IoT as potential vector for attacks. Threats Attackers can exploit IoT devices in a variety of ways. Among the potential attacks against enterprise infrastructure may include: Denial of Service. IoT devices can play a couple of roles when it comes to denial-of-service (DoS) attacks. Firstly, IoT devices can be hijacked to carry out DoS attacks. In the case of Mirai DDoS attacks, IoT devices such as webcams and routers are infected by malware. Once infected, these devices now become part of a botnet that can be used to launch DDoS attacks against any network. Secondly, IoT devices can also be the target of DoS attacks. In an industrial setting, IoT devices often come in the form of sensors and trackers that send out data in real time to control systems. Cellular-based DoS attacks can prevent data to be sent out, disrupting operations. Downtime caused by these attacks can be costly for any enterprise. Breaches. IoT devices may gather and process sensitive data which are prime targets for cybercriminals to steal. Enterprise data may contain valuable proprietary data which can be used to extort companies or be sold on the black market. Hackers may also steal personal identifiable information and biometric data from IoT devices. Biometric scanners, for instance, process facial recognition and fingerprint data. Given that these data are also popularly used to secure other devices such as mobile phones, hackers may be able to use them to compromise these systems. Hackers can easily intercept information from the devices themselves or during transmission. They can also targetvthe servers or storage services to which IoT data is transmitted. Espionage and Sabotage. Enterprises are now popular targets for espionage and sabotage. American tech companies, for example, are known to be the focus of as part of cyberwarfare. Attacks on large enterprises can be significant enough to affect the economy. state-sponsored attacks It isn’t just state-sponsored attackers that may try to cause disruption to enterprises. Unscrupulous competitors may also resort to espionage or sabotage in order to gain an advantage over rivals. But regardless of the entities behind the attacks, IoT devices are now also being exploited for these reasons. Protection Fortunately, there are various ways to mitigate IoT-focused attacks. These include: Adopting cellular network-based security. An emerging approach to enterprise IoT security is a cellular-based approach. Security providers can integrate with the mobile network operator's systems and create secure virtual networks. All communication from IoT devices are encrypted and routed through these networks where algorithms screen for and block threats. Part of the reason why malware have easily spread across is due to the proliferation of low-cost devices in the market. These devices, unfortunately, lack the necessary security features to prevent malware and hackers from hijacking them. Companies may be tempted to go cheap and opt for such devices. But, it would be wise for them to invest in devices that can be secured from manufacturers that provide sustained support. Investing in secure devices - Poor access management has also allowed attackers to easily hijack devices. Users often leave devices running using default access credentials. Attackers have tools and automated scripts that can readily take over such devices. These can be prevented by using secure credentials and avoiding password reuse. Applying stringent access management - Organizations must also ensure that the ways they retrieve and store data coming from IoT devices are kept secure. Security solutions such as breach prevention services are now available to comprehensively protect devices and servers against malicious traffic and hacking attempts. Comprehensive data protection - Proceeding with Caution Given how IoT has become the next big thing, it’s inevitable for more enterprises to try and take advantage of the hype. They should, however, be aware that investing in cutting edge technologies come with plenty of caveats and threats of cyberattacks are just among these risks. This said, these issues shouldn't entirely discourage companies from IoT. Connected devices have shown to benefit users including cost savings through efficient and automated operations and game-changing insights from big data generated by IoT. What is key is for companies to formulate strategies to mitigate IoT attacks and strengthen their security measures. This way, they can still enjoy the benefits of IoT adoption while minimizing their exposure to attacks.

Analog Devices

Target

Enterprise IoT Could Open Up Worrisome Attack Vectors

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

3 Tips for Effective Kubernetes Application Troubleshooting

Ethereum Merge One Year Later: What We've Learned about Block Building, MEV-Boost, and Relays

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

3 Tips for Effective Kubernetes Application Troubleshooting

Ethereum Merge One Year Later: What We've Learned about Block Building, MEV-Boost, and Relays

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps