Many companies are turning a blind eye to security issues, swayed by the potential benefits that IoT can bring. A copy of the survey mentioned above is available.
1: IoT – a cybercriminal’s dream
Any device or sensor with an IP address connected to a corporate network is an entry point for hackers and other cybercriminals – like leaving your front door wide open for thieves.
Managing endpoints is already a challenge, but the IoT will usher in a raft of new network-connected devices that threaten to overwhelm the IT department charged with securing them – a thankless task considering the lack of basic safeguards in place on the devices.
Of particular concern is that many IoT devices are not designed to be secured or updated after deployment. Any vulnerabilities discovered post deployment cannot be protected against in the device; and corrupted devices cannot be cleansed.
2: IT or OT
IT professionals are more used to securing PCs, laptops and other devices, but they will now be expected to become experts in areas such as smart lighting, heating and air conditioning systems, security cameras and integrated facilities management systems.
A lack of experience in this Operating Technology (OT) is a cause for concern. It is seen as operational rather than strategic, so deployment and management is often shifted well away from Board awareness and oversight.
Nevertheless, the majority of organisations are deploying IoT technology with minimal regard to the risk profile or the tactical requirements needed to secure them against unforeseen consequences.
3: Increase in DDoS attacks
DDoS (Distributed Denial of Service) attacks are on the rise, with 41 percent of UK organisations saying they have experienced one.
IoT devices are a perfect vehicle for criminals to access a company’s network. 2016’s high-profile Mirai attack used IoT devices to mount wide-scale DDoS attacks that disrupted internet service for more than 900,000 Deutsche Telekom customers in Germany, and infected almost 2,400 TalkTalk routers in the UK.