The Internet of Things (IoT) can increase efficiency, but it also comes with new risks. Find out why and how to protect your business in our article.
IoT security is the protection of Internet of Things devices from attack. While many business owners are aware that they need to protect computers and phones with antivirus, the security risks related to IoT devices are less well known and their protection is too often neglected.
Internet of Things devices are everywhere. From cars and fridges to monitoring devices on assembly lines, objects around us are increasingly being connected to the internet. The speed at which the IoT market is growing is staggering - Juniper Research estimates that the number of IoT sensors and devices is set to exceed 50 billion by 2022.
While consumer IoT devices offer lifestyle benefits, businesses are quickly adopting IoT devices because of their high potential for savings. For example, after Harley-Davidson turned their York, Pennsylvania plant into a ‘smart factory’ using IoT devices in every step of the production process, they reduced costs by 7% and increased net margin by 19%.
While IoT devices can greatly increase productivity for businesses, they also come with risks. Since IoT devices are connected to the internet, they can be hacked just like any other internet-enabled device.
To sufficiently protect your network, it’s essential to understand the security vulnerabilities of IoT devices. One of the key IoT security issues is the expansion of attack surfaces due to an increased number of endpoints. In a network, endpoints are the devices that are connected to the internet at large - each offering a point of entry to bad actors, exposing the network to outside risks.
The attack surface of a network consists of all the possible places where it can be attacked, and it expands with every new internet-connected device. Even if the chance of one device being accessed by a perpetrator is small, the large number of IoT devices being brought into businesses can create a significant security risk.
Here are some of the major risks to a business network without proper IoT cybersecurity:
One of the main IoT challenges is that the devices often record, have access to, and stream sensitive data. Security systems such as cameras and doorbells are increasingly a part of small business networks, and can quickly create major issues if hacked by a cybercriminal. Office equipment, such as printers, is also a potential access point - a compromised printer could easily mean that the attacker can view everything that is printed or scanned in an office.
A hacked IoT device will allow the attacker to access its functions. While a coffee-maker might not allow an attacker to do anything more dangerous than brewing a latte, a hacked heating system or machinery can create far more disruption to a business. A bad actor could potentially hold a vehicle and its occupants hostage or demand payment to stop the sabotage of an assembly line.
Cybercriminals can bring together huge numbers of infected devices into networks called botnets. These botnets can be used for a variety of things, but they are best known for their use in DDoS attacks.
DDoS (Distributed Denial of Service) attacks send out a targeted stream of network requests from infected devices to the server, computer, or network that the bad actor wishes to bring down. As there are too many network requests for the target to handle, it crashes, and becomes unavailable for real users. In 2016, a botnet brought down some of the biggest sites, including Twitter and Netflix, using a DDoS attack.
While IoT devices can pose a security risk to any business that doesn’t take steps to secure its network, some industries are especially vulnerable to attacks.
Industries that will face the highest risks are those where IoT devices are not just used as tools to help productivity but are being integrated into the very core of the business’s operation. For example, the use of IoT devices in manufacturing may provide huge benefits to efficiency, but when production processes become completely reliant on smart technology, a single attack has the potential to render a factory inoperable.
In 2010, the Stuxnet virus infected a uranium enrichment plant in Iran and caused permanent damage to centrifuges. While it’s likely that no one will use such a sophisticated attack against a small business, IoT malware is developing at a fast pace – any business using unsecured IoT devices in their manufacturing process could one day find their operation held hostage by hackers.
The owners of any small business that records confidential customer information should also be concerned about the risks. Webcams, printers, security cameras, and digital doorbells are just some of the devices that can potentially be hacked and reveal confidential information to attackers through their cameras and microphones. It’s just one of five key endpoint threats that pose a risk to small businesses.
While securing your endpoints and network will depend on what types of devices you have, there are certain precautions that will help you to secure any type of IoT gadget or appliance.
Having strong passwords is always important, but especially so for IoT devices. With a weak password, taking control of an IoT device through its own interface or web portal is trivial. What’s even more concerning is that many IoT devices come with default passwords, which many users don’t change – meaning that the attacker may already know the password to your device.
Strong passwords on the rest of your network will also add a second line of defence if an attacker does gain access through a device – stopping or hindering their attempts to access files, databases, and other devices. Changing the password on your router to a long and strong one is especially important, as a compromised router quickly leaves the whole network vulnerable.
Ensure that you have an up-to-date, secure router, with a firewall enabled. Your router can be the first point of attack – and if your router is compromised it will leave your entire network vulnerable. Installing an endpoint security solution that allows you to discover vulnerabilities in your network – for example, one with a scan feature such as Avast’s Wi-Fi Inspector - is essential.
Responsible manufacturers will release security updates for their IoT devices when vulnerabilities are discovered. Ensuring your devices are patched regularly with the latest updates is important. If you have a device that doesn’t receive updates, consider the benefits of the device against the potential impact on your business in the event of an attack. For devices that do receive updates, investing in patch management software is recommended to ensure you're always up-to-date.
As there is a growing market for IoT devices, manufacturers are eager to pump out large numbers of them, and may not spend much time developing their product’s security. While IoT devices can be highly useful, consider whether your office kitchen really needs that internet-enabled toaster or kettle.
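The precautions above (change default passwords, keep the router firewalled, patch regularly, question devices you don't need) can be run as a recurring check over a device inventory. The following is an added example, not code from the article or from Avast; the `Device` record, the 180-day patch threshold, and the sample inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

MAX_PATCH_AGE_DAYS = 180  # assumption: older firmware counts as overdue

@dataclass
class Device:  # hypothetical inventory record, not a vendor format
    name: str
    kind: str                        # "router", "camera", "printer", ...
    default_password_changed: bool
    last_update: Optional[date]      # None = never updated
    vendor_ships_updates: bool
    firewall_enabled: bool = False   # only checked for routers
    business_need: bool = True

def audit(dev: Device, today: date) -> List[str]:
    """Return the precautions from the article that this device fails."""
    findings = []
    if not dev.default_password_changed:
        findings.append("default password still in use")
    if dev.kind == "router" and not dev.firewall_enabled:
        findings.append("router firewall not enabled")
    if not dev.vendor_ships_updates:
        findings.append("no vendor updates: weigh benefit against impact")
    elif dev.last_update is None or (today - dev.last_update).days > MAX_PATCH_AGE_DAYS:
        findings.append("firmware update overdue")
    if not dev.business_need:
        findings.append("no business need: consider removing")
    return findings

def audit_inventory(devices: List[Device], today: date) -> List[Tuple[str, List[str]]]:
    """Devices with findings; routers first, then most findings, then name."""
    flagged = [(d, audit(d, today)) for d in devices]
    flagged = [(d, f) for d, f in flagged if f]
    flagged.sort(key=lambda p: (p[0].kind != "router", -len(p[1]), p[0].name))
    return [(d.name, f) for d, f in flagged]

# Constructed sample inventory (illustrative values only).
INVENTORY = [
    Device("lobby-camera", "camera", True, date(2024, 5, 1), True),
    Device("print-01", "printer", False, None, True),
    Device("kitchen-kettle", "kettle", True, None, False, business_need=False),
    Device("office-router", "router", False, date(2023, 1, 10), True),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, date(2024, 6, 1)):
        print(f"{name}: {'; '.join(findings)}")
```

Routers are sorted to the top because, as noted above, a compromised router leaves the whole network vulnerable.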
While the benefits of new technology always seem exciting – especially for small business owners looking to save money and increase productivity – it’s important to take time to understand the risks that come with it. IoT devices have the potential to bring efficiency improvements to many industries, but steps should also be taken to ensure they don’t leave your network vulnerable to malicious actors.