1st February 2024
Internet of Things (IoT) cyber security is a growing problem and IoT devices can be found in almost every environment. In 2022 the number of connected IoT devices was estimated to rise to 14.4 billion.
We’ve likely encountered them in our day-to-day lives: devices such as assistants, doorbell cameras, robot hoovers, smart devices for home automation like lightbulbs, switches and plugs, smoke alarms and CO2 sensors, home appliances like fridges, cookers and washing machines, wearables and healthcare devices, toys and security-specific devices. The list really does go on.
These are primarily consumer products, but there are also commercial, industrial and military IoT devices. There are devices used to make whole cities smart.
So we’re aware of the prevalence of these devices and how they can assist us in our daily activities and digital needs. But how mindful are we of the impact that IoT devices have on our cyber security?
What can we do to ensure that the devices plugged into our home or enterprise networks take cyber security seriously? What can we do to ensure the data we entrust them to handle is protected? How many devices are bought for one purpose and, once they fulfil that purpose, are left for months or years without attention?
The primary focus of this article is to raise cyber security awareness and discuss the security impact these devices can have on our networks and infrastructure if left unattended. We’re going to discuss some steps we can take to make sure that the IoT devices we use so regularly are set up securely, stay secured and protect our data to the best of their ability.
As we’ve discussed, there is a wealth of IoT devices available to us and, because they are actively connected to our networks and the internet, they may pose a significant risk to the security posture of those networks. Whilst aimed at enterprise installations, the majority of these points will also apply to devices connected in home environments.
The following points should be considered when using IoT devices, covering what we can do to help them, and us, be as secure as possible. This won’t apply to all devices; smart fridges, for instance, may not provide a convenient way to interact with them, install firmware updates or make configuration changes.
Many IoT devices are incredibly versatile and often run Linux-derived operating systems. Devices that require configuration during installation should be configured with security best practices in mind. We’ve listed some of the more likely features and configurations you may wish to consider:
Some actions that might be more applicable to enterprise environments are as follows.
The majority of Internet of Things type devices lack any type of Anti-Virus software or mechanisms to help prevent cyber attacks against the device. This can make them an attractive target to malicious actors as they can compromise a network device in a critical environment without being noticed. This may provide them with the chance to pivot to additional hosts or gain persistence within the affected network.
The National Institute of Standards and Technology (NIST) has provided a Cybersecurity for IoT Program that contains information for manufacturers and consumers, described as:
“The development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices, products and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, academia, and consumers, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.”
As a CREST-approved penetration testing provider, our expert security consultants have a deep understanding of how hackers and cyber attackers operate. We use this knowledge to help businesses mitigate risks to their IT systems and networks.
We want to help you improve your security strategy to protect your brand reputation, value and property. Get in touch today to learn more about how we can help.