Microsoft recently announced that it caught Russian government hackers using Internet of Things (IoT) devices to breach networks, look for other vulnerable devices, and access privileged accounts and sensitive data. Hackers were able to penetrate these networks through VoIP phones, an office printer, and a video decoder by using default passwords that were never changed and bypassing old firmware through a known vulnerability.
More and more organizations are adopting IoT devices, from video surveillance cameras to asset tracking sensors to smart building components such as smart lighting. In fact, Microsoft has said the IoT is essential to business success, with organizations expecting an average ROI of 30 percent within three years of implementation. Gartner reports that more than 95 percent of organizations have met that expectation.
Microsoft says the top five drivers of IoT adoption are improvements in efficiency and operations, productivity, safety and security, supply chain management, and quality assurance. According to a Microsoft survey, 85 percent of organizations have either launched or completed IoT projects.
However,IoT devices can create serious security risks because they can be hacked just like any other Internet-connected device. Many of these devices lack the robust security of your typical laptop, smartphone or tablet. Not surprisingly, security is one of the biggest barriers to IoT adoption.
The IoT greatly expands the attack surface, with each device serving as a potential entry point for hackers. A breach could enable hackers to access sensitive data, alter the device’s functions, and use botnets to carry out distributed denial of service attacks.
How will you recognize, authenticate, and manage IoT devices? Will you be able to handle the increase in threats that you’re likely to encounter by adopting the IoT? How will you secure the data constantly being transmitted by IoT devices? If you detect a threat or a breach, will you be prepared to respond? These concerns are keeping many organizations from moving forward with IoT initiatives.
There are several steps organizations can take to reduce IoT security risks. First, every IoT device should support a specific business goal. While it can be tempting to expand your IoT footprint, don’t create unnecessary risk by adding devices that offer limited value.
It should be obvious, but recent incidents make it necessary to point out the importance of strong passwords. Change default passwords on your IoT devices and use strong passwords across your network to protect your systems and data in case an IoT device is breached.
The router is often the first line of defense, so make sure your routers have up-to-date software and a next-generation firewall. Use an endpoint security solution to identify vulnerabilities before hackers do. Also, effective patch management will ensure IoT devices receive the latest security updates as quickly as possible and limit the window for exploiting vulnerabilities.
The IoT creates tremendous opportunities to optimize operations and better understand and serve your customers. But it only takes one data breach to wipe out all those gains. Let ICG help you take a proactive approach to IoT security and keep your systems and data protected.