According to a survey of IT decision-makers by Palo Alto Networks, 78% of respondents reported an increase in non-business IoT devices on corporate networks in the last year. For the second year, survey responses warn of needed security changes to protect corporate networks from non-business IoT devices.
Increasing numbers of "Non-business" Internet of Things devices are showing up inside corporate networks, Palo Alto Networks has warned, saying that smart lightbulbs and internet-connected pet feeders may not feature in organisations' threat models. According to Greg Day, VP and CSO EMEA of the US-based enterprise networking firm: "When you consider that the security controls in consumer IoT devices are minimal, so as not to increase the price, the lack of visibility coupled with increased remote working could lead to serious cybersecurity incidents."
Investment in IoT is set to overtake cloud computing, next generation security, big data analytics and other digital transformation technologies in the near future, according to Inmarsat. IoT has reached a high level of maturity across most organizations, with businesses across all industry sectors now planning to spend an average of $2.8 million on their IoT investments through to 2024.
Is the IoT technology that powers critical infrastructure really that vulnerable and what can be done to mitigate the risks? It is unsurprising that the vulnerability of IoT and the critical infrastructure landscape as a whole to cyberattacks is becoming a growing concern within the security landscape and recent attacks on the sector have proven the need to ramp up security efforts.
A flaw in a widely used internet-of-things infrastructure code left more than 100 million devices across 10,000 enterprises vulnerable to attacks. Researchers at Guardara used their technology to find a zero-day vulnerability in NanoMQ, an open-source platform from EMQ that monitors IoT devices in real time, then acts as a "Message broker" to deliver alerts that atypical activity has been detected.
To prevent devices being used as attack vectors, the first step to IoT protection, when connected onto the network, must start with DNS: using Domain Name System infrastructures and DNS security capabilities to protect data and ensure IoT devices are only allowed access to relevant services. Whilst IoT devices will always have security vulnerabilities, by incorporating a secure approach which makes use of DNS technology, businesses and service providers can be confident they are best protecting their data and access to their IT infrastructure.
The smart home could be ripe for IoT device attacks as cybercriminals rake in record ransomware payments. Remote work may be responsible for the increase in attacks, Kaspersky says.
The report finds a growing interest in using the IoT in several ways, such as improving the efficiency of the supply chain, running shop floor equipment, and powering autonomous vehicles. "Most large enterprises, having chosen their IoT platforms by now, are interested in scaling their IoT initiatives globally."
What about your Internet of Things devices? A new survey from password manager NordPass reveals that many IoT devices are saddled with their default passwords, making them an open target for cybercriminals. In a survey of 7,000 people across Australia, Canada, France, Germany, the Netherlands, the UK and the United States, NordPass found that only 33% of users changed the default passwords on their IoT devices.
The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets. According to a Kaspersky analysis of its telemetry from honeypots shared with Threatpost, the firm detected more than 1.5 billion IoT attacks - up from 639 million during the previous half year, which is more than twice the volume.