Hacked via your fridge? The cybersecurity risks of IoT
On 29th April, a landmark law came into force in the UK. The law (catchily titled the Product Security and Telecommunications Act) regulates the security of smart devices.
To our knowledge, the UK is the first country to create cybersecurity standards targeting the Internet of Things (IoT). This is a reminder that IoT brings risks as well as benefits. This post is all about those risks and how to manage them.
A quick definition of IoT
There’s a lot of debate about the name “Internet of Things,” but we don't need to get into that here. For our purposes, we're using it in the popular sense: devices that exchange data over the Internet.
It could be smart fridges, speakers, or wearable tech. It could be anything from IP CCTV to building management systems that allow remote control of door access, heating, lighting, and so on. The list goes on and on. Smart devices are helpful and convenient, but they're also risky.
What are the security risks of IoT?
To state the obvious, IoT devices are connected to (you guessed it) the Internet. So, each one is a potential gateway to the network it sits on and to any other device on that network.
In principle, this is no different from any endpoint within an office. But the difference is that many IoT devices don't prioritise security. Weak default passwords, infrequent firmware updates and unencrypted communication are all too common.
This can make them an easy infiltration point, whether an attacker accesses the device directly or intercepts the data it transmits. From there, the attacker can go anywhere. They could access other devices on the network, potentially reaching highly confidential information or gaining leverage for a ransomware attack. IoT devices could also be used to execute a botnet attack on a grander scale.
So, the title of this post (hacked via your fridge) is only half-joking. Even something as innocent as the office smart speaker can be a way in, especially if the network is unsegmented.
Cyber attacks via IoT devices – a real-world example
There are many real-world examples of attacks via IoT devices. One of the most significant is the Mirai botnet.
Mirai is malware that scans for and infects vulnerable IoT devices. From there, it uses them in botnet attacks. In 2016, it attacked DNS provider Dyn in one of the most significant DDoS attacks in history. This made hundreds of websites inaccessible, including major ones like GitHub, Twitter, Reddit, Netflix, and Airbnb.
It's an example that shows just how far these attacks can go. It also affected Dyn's client base with huge financial and reputational costs. This should be food for thought for any business.
What should MSPs do?
The most important thing for MSPs is customer visibility. Asset tracking and complete network inventories are a must.
This sounds obvious, but it’s always a challenge for MSPs. Your customers sometimes report only some devices to you or even see it as a threat. Of course, it's more than what the devices are; it's where they are. The tablet in a director's electric car might be logged into business-critical software via an unsecured 4G connection.
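As an added illustration (not part of the original post, and not any vendor's tooling), the Python below checks an asset inventory for the weaknesses listed earlier: unchanged default passwords, stale firmware, cleartext services, and IoT devices sharing a subnet with business endpoints. The CSV columns, the thresholds and the sample rows are constructed assumptions.

```python
import csv
import io
import ipaddress
from datetime import date

# Constructed sample inventory; the column names are assumptions for this example.
INVENTORY_CSV = """name,kind,ip,default_password_changed,firmware_date,open_ports
smart-fridge,iot,10.0.1.50,no,2021-03-01,23;80
lobby-cctv,iot,10.0.9.12,yes,2024-01-15,443
smart-speaker,iot,10.0.1.77,yes,2023-11-02,443;1883
finance-laptop,endpoint,10.0.1.20,yes,2024-04-01,
"""

CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 1883: "mqtt"}
MAX_FIRMWARE_AGE_DAYS = 365   # assumed policy threshold
SEGMENT_PREFIX = 24           # assumed: one /24 per network segment


def segment(ip):
    """Return the network segment an address belongs to."""
    return ipaddress.ip_network(f"{ip}/{SEGMENT_PREFIX}", strict=False)


def audit(csv_text, today):
    """Map each risky IoT device name to the list of issues found for it."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # Segments holding at least one business endpoint: IoT should not live here.
    business = {segment(r["ip"]) for r in rows if r["kind"] == "endpoint"}
    findings = {}
    for r in rows:
        if r["kind"] != "iot":
            continue
        issues = []
        if r["default_password_changed"].strip().lower() != "yes":
            issues.append("default password unchanged")
        age = (today - date.fromisoformat(r["firmware_date"])).days
        if age > MAX_FIRMWARE_AGE_DAYS:
            issues.append(f"firmware {age} days old")
        for port in (int(p) for p in r["open_ports"].split(";") if p):
            if port in CLEARTEXT_PORTS:
                issues.append(f"cleartext {CLEARTEXT_PORTS[port]} on port {port}")
        if segment(r["ip"]) in business:
            issues.append("shares segment with business endpoints")
        if issues:
            findings[r["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(INVENTORY_CSV, date.today()).items():
        print(f"{name}: " + "; ".join(issues))
```
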
It’s a potential problem, and a business will likely hold its cybersecurity provider responsible if it’s attacked. There are many ways of managing the risks. Heimdal provides excellent asset tracking. Sendmarc will massively improve email and domain security, preventing IoT devices from compromising email accounts.
An opportunity for the channel
Those are just two examples of how Brigantia vendors can help. We’d be more than happy to advise on any specific cases. As far as the channel is concerned, we should see this as an opportunity.
It’s our collective responsibility to educate businesses on the risks these devices can pose. By doing this, we can continue to bolster security, increase customer loyalty, and increase recurring revenue streams.
Still trying to figure out how to go about this? Get in touch, and we'd be delighted to advise on an approach.