Research shows that by 2025, more than 75 billion devices will be connected to the Internet, which is equivalent to approximately 10 IoT devices for every person on the planet.
As the Internet of Things expands across the globe to deliver more connected experiences, security is definitely taking a hit. IoT technology creates a wider attack surface, exposing enterprises to attack threats.
The growing attack surface of IoT devices
IoT devices are notoriously difficult to monitor and protect because they mostly use legacy systems and are rarely connected to the Internet, making them difficult to track. This is a frustrating problem for many security teams. How can security experts protect and patch an IoT device if they don’t know it’s there?
This is especially true when employees bring their devices to work (BYOD), which can lead to shadow IT issues. This refers to the use of technology without the knowledge of the IT department, which results in a lack of visibility of IoT devices.
As the office chaos brought about by the pandemic slowly diminishes, many employees are looking to return to the office, while others are looking to a hybrid work model. This may mean that as people return to work after the epidemic, a large number of vulnerable devices will be brought back to the office.
Additionally, normal security telemetry cannot be performed on these small, less advanced IoT devices. This poses an additional security threat. When critical updates and device inventory are lacking, systems are vulnerable to attack.
IoT security nightmare
In 2020, the Cybersecurity Agency of Singapore detected nearly 6,600 botnet drones with Singaporean IP addresses every day, a significant increase from the daily average of 2,300 in 2009. Mirai and Gamarue were the main malware types, accounting for 25% of infected Singapore IP addresses in 2020. Globally, malware types such as Mirai have been observed targeting IoT devices to launch DDoS attacks.
In August 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and threat intelligence company Mandiant disclosed a critical vulnerability in ThroughTek. This vulnerability allows attackers to access millions of IoT cameras to view and record live broadcasts, and leak credentials for further attacks.
The discovery highlights the growing challenges facing IoT supply chain security, which often require immediate action to apply necessary software updates. Connected devices need to have the same cyber security as other IT systems to avoid attacks that could have significant consequences.
Monitor IoT with network detection and response
Organizations need to take steps such as implementing sophisticated network segmentation and zero trust so that no assets are implicitly trusted.
At the same time, all IoT component manufacturers should develop a device discovery plan to manage device inventory and control. Enterprises also need to be able to gather deep forensic insights to investigate the cause of the threat and ensure it cannot happen again.
In addition, connected devices require more advanced cybersecurity tools, such as Network Detection and Response (NDR), which can display a complete device inventory, taking the pressure off security teams.
Security teams also need to develop an actionable plan to quickly eliminate vulnerabilities and risks in the business environment and rely on deep forensic insights to help. These capabilities provide teams with resources at their fingertips to quickly hunt, investigate, and remediate threats, providing comprehensive response and streamlined workflows.
The Internet of Things will continue to explode—but so will cyberattacks. When an attack inevitably occurs, organizations need to ensure they are prepared to improve response times, especially given the importance of IoT to supply chain and manufacturing functions.