The Insecurity of IoT Devices is a Serious Concern… So Why Aren’t Businesses Worried?
The IoT, or Internet of Things, is everywhere. There’s a relatively good chance that a device that would be part of the IoT is within your reach right now, perhaps even on your person. Businesses of all kinds use the IoT for various purposes as well, but behind this usage lies significant risk from cyberthreats, and a shocking number of businesses seem to accept this risk without much concern… as in, the vast majority of surveyed businesses utilizing the IoT demonstrated a lack of protection, but seemed not to be bothered by it.
Let’s examine the numbers, and discuss why you need to take a different approach.
Companies are Complacent About Connected Devices
On October 10th, IoT security firm Keyfactor and market research firm Vanson Bourne released a study that revealed as much, as its results ultimately suggested that many businesses putting the IoT to use had reached what they saw as an “acceptable” level of protection—despite 89% of respondents reporting cyberattacks against their connected devices.
The issue here is apparent… particularly when 90% of those surveyed professionals reported being victimized within the past year by cyberattacks involving the IoT. Making things worse, 70% of respondents had seen increases in IoT-based attacks—half of which experienced phishing, with malware and ransomware coming in just behind.
Despite all this, a feeling of complacency persists amongst many businesses, with “enough” security being put in place, not all that is potentially available.
IoT Security Issues Can Have Significant Financial and Compliance Ramifications
The research that Keyfactor conducted demonstrated that breaches enabled by the IoT cost—on average—$236,035 per year for the affected businesses, which drastically cuts into the funds available to make these devices more secure. If a company were to suffer more than one such event, the outcome could be extremely bleak.
Historically, many IoT devices have lacked the means to update the onboard protections they have against threats, and that issue is compounded by a combination of bad habits and simple unawareness. Many people postpone security updates, which we do not recommend, and a lot of people don’t think about updating devices that are a part of the IoT. That’s also assuming that the manufacturers of these devices have the systems in place to update them, which many don’t with little in place to regulate them.
Fortunately, the Cybersecurity and Infrastructure Security Agency (CISA) and National Institutes of Standards and Technology (NIST) are collaborating to create guidelines, and some guidelines have been codified into law (albeit only applying to companies supplying the government with IoT devices). Certain states and industries have also had laws adopted to contend with these challenges as well.
What You Can Do to Avoid These Threats
The long and the short of it is that you need to prioritize working with technology of ALL kinds, IoT and otherwise, that can be reliably updated and kept secure. It also doesn’t hurt to engage in various cybersecurity protections and safeguards, leaning on vendors and service providers like White Mountain IT Services.
If you’d like to find out more about how we can help you secure your infrastructure as a whole, reach out to us at 603-889-0800.
