Why hackers love the IoT
By Max BurkhalterMarch 9, 2020
The internet of things has completely changed the way we interact with the world around us. With devices that can share data in real-time being ubiquitous in modern society, our lives have never been so convenient. However, the IoT brings with it numerous security challenges, and as a result, hackers flourish in this new technological environment.
What makes the IoT so hacker-prone?
At its core, the IoT is the network through which numerous internet-connected devices share information between one another. This ranges from smartphones controlling the channels on a TV to a tablet reviewing live supply chain information from halfway around the world. The IoT, of course, brings with it many benefits. But it also has a darker side. Due to the highly accessible nature of the IoT, it has become one of the most versatile tools in a hacker's arsenal. Thanks to the ubiquity of this interconnected network, devices of all kinds can connect and share data with one another, and this includes devices that have poor security measures in place, like out-of-date smartphones or computers that haven't kept up with their security certificate updates. Thus, devices you may trust can "betray" you and give hackers access to your data, according to Engadget.
Hackers can access this "Wild West"-Esque environment for their own nefarious purposes. A device with open sharing settings and out-of-date hardware can be used by cybercriminals to gain a foothold into the IoT networks of various organizations, putting sensitive data at risk. At the same time, the ease at which this is done means that IT professionals can have a hard time tracking the hackers and responding to breaches like this, especially when there is any number of unsecured devices that could be "responsible" for these attacks. The IoT acts as both a door and a roof for hackers - it gives them both an entrance and concealment for them to conduct their activities.
The war against hackers on the IoT battlefield
According to Keyfactor's 2020 Ponemon Report on the Impact of Unsecured Digital Identities, 60% of IT and security professionals say they are adding additional layers of encryption in response to the security risks that the IoT poses to their organizations. Meanwhile, 45% say their ability to maintain and update IoT devices (under their direct purview) over their lifetimes is poor. Almost 90% of IT professionals are not confident in their network's ability to stand against cyberattackers, a concern driven in large part by the IoT. Financial services IT workers are most concerned about the risks the IoT poses at 89%, followed by the healthcare industry at 88% and professional services at 86%.
A major risk here is devices being connected to networks that they shouldn't be. An employee's old smartphone can be an appealing target to hackers looking to gain access to sensitive information. Devices like these are incredibly easy to hack on the part of unauthorized users, and there can be countless examples connected to networks that their owners forgot about or IT professionals cannot track. These "shadow" IoT devices are thus a favorite tool of cybercriminals.
But employees connecting unsafe devices is not the only route of attack for hackers. The IoT also brings with it a lot of work for security professionals, and cybercriminals count on mistakes made by them as an additional way to access networks. As mentioned, 45% of IT workers say their ability to maintain and update IoT devices is poor due to the large amount of equipment they manage. Hackers can also use these "holes in the wall" to exploit obsolete certificates and hardware in a company's network infrastructure, gaining access to information they shouldn't despite the best efforts of the IT professional.
Thus, it is important for organizations to assess whether or not they have the resources in place to keep their IoT infrastructure up to date, especially when they are based in industries where sensitive information is regularly entrusted to them, and the vast majority do. Almost every business possess sensitive information related to both the company's operations and their customers. A failure or inability to practice optimal security measures can spell trouble for even the most successful of companies. To this end, Perle offers powerful connectivity tools that can help organizations maximize their network security strength. Our industrial-grade Ethernet switches and console servers are designed to work within big data environments where the security of sensitive information is a top concern. Read some of our customers' reviews to find out more.