Cloud Hosting

The old bait-and-switch digital prank Rickrollinghaswavered in and out of popularity for the last decade and a half, but an18-year-oldstudent ofSecurity Research and Computer Science put up a blog postearlier thisyeardetailingacreative spin on the classic prank he Rickrolled hisentire school districtvia an IoThack.

Thankfully, for all those involved, the outcome of thisWhitehathackingprank was hilarious, entertaining, and relatively victimless. The perpetrators took care to ensurethey wouldnot disrupt anyschool sessions or tests. Theyeven debriefed the school districts IT team withinformation onhow and where they found the vulnerabilitiestoprevent amalicious attackin the future.You can read the full account of the incident, accompanied by a video,here.

IoT has been around for decadesnow, soyou might wonder howthispractical jokewas so easy to pull off? The short answer is that IoT is often overlooked in cybersecurity because IoT devices are built withconvenience, not security, in mind. As well explore here,its imperative that your IoTlandscapebeincluded aspart of yourcybersecurity risk assessment.With the amount of datahandled via IoT,it can quickly become overwhelming. This iswhereAxio360s platformcan help you gain a better, holistic understanding of your environment.

IoT, or the internet of things,is a term used to describesensors and actuators embedded in physical objects [that are] linked through wired and wireless networks.It includesabroad list of devices used tocollect andtransmit data from one device to another without human intervention.Mostfolks arethe most familiar withconsumer IoT.Consumer IoT includes thingswe use every day. A network of devices, such asSiri,FitBit,Alexa,Ring doorbells,Smart Homeautomation, etc.,are allexamples ofIoT devices. They are meant to operate in the background andmake daily tasks easier.

ConsumerIoT is ubiquitous, and becauseitoften runsin the background and integratesso seamlessly with our daily lives,its no surprise that many people dont often think about or consider security when using or purchasing these devices.Using webcam feeds as an example,CNNdemonstratedin 2019how easily consumer IoT devices can behacked,and ourpersonal privacycompromised. And there aremany,many,more examplesto be found online.The popularity ofpersonalIoT devicescontinues to grow at amuch quicker rate than the call for betterprotection against IoT attacks,raising the risk of attacks onhome network security.

Smart technology requires smart handling,saysMartinSchallbruch,former Cybersecurity consultant to the German government; hecomparesordinary usersliving in smart housesfullof smart devicestoa systems admin managing a data center.Meaning, consumers should follow basic cyber hygieneguidelines, just assysadmins are required, like keeping software up to date, changing passwords, etc.

Whether a person chooses to outfit their homewithsmart devices or not is irrelevant because,in 2021,living without IoT is nearly impossible.Today, there are more than10 billion active IoT devices,andin the US, IoT devices are used throughout our critical infrastructure.Examples includemedical devices,supply chain tracking (GPS), predicting when manufacturing equipmentneedsmaintenance, and other critical infrastructure systemmanagementlike power plant or water plant monitoring.Deloitte projects that, in healthcare alone, theglobal IoT marketwill be worth $158.1B in 2022.

Thegrowthof IoTinthe business world brings with it anevolutionof cyber riskand increased scope of damage.In 2017,the FDAdiscovered avulnerability inpacemakersissued by St. Jude Medical, leading to a recall of 500,000 devices. The security flaw allowed potentialhackersunauthorized access tothe devices viacommercially available equipment.In 2021, Peloton learned from its AdvancedThreat Research consultant, McAfee,thatits bike had a vulnerabilitythat would have allowed a hacker to gain access to the Peloton tablet, where they couldinstall malware and intercept the users personal data, or even gain control of the devices camera and microphone.Peloton issued a patch for thisvulnerabilitybefore anyknown exploitsoccurred, but itdoesntensure future vulnerabilitiescantarise.While the NSAhas helpedensurethatPresident Bidens Pelotonand other devicesaresecure,what aboutotherhigh-rankingofficials, judges, CEOs,etc. thatdonthave the NSAshelp?

Theadvancement of IoT technology reduces manual labor and cost while it increases efficiency through automating business processes.A 2021 studyfound that the main revenue driver formostenterprise IoT projects is cost savings, and, on average, over 80% of senior executives across industries say IoT is critical to some or all lines of business.

However, theseapplications become vulnerable as they need to communicate via the internet to send information to other devices, makingIoT cybersecurity for businesses critical. Yourcybersecurity strategy is only as strong as your weakest link.Just one device can compromise the entire system, whether its a home or an entire industrial system,Schallbruchpoints out.Cyber-attacksagainstcritical systemsare on the rise,and the reliance on IoTproduces a landscape where attacks are easy to create and difficult to remedy.Business leaders need to understand thatIoT securitymust be includedin the foundations of their cybersecurity risk management strategy.

Again, most IoT devices are built with convenience in mind,and oftenthe cost of convenience is security.Outside of home automation and digital assistants, IoT plays an integral part in the way we do business at an enterprise level today. It provides the data we need to make better business decisions.

Part of yourcybersecurity riskassessment processneeds to lookatIoT devices because, for the most part,theyre not built with security in mind.MostIoTvendors dont think of themselves as security professionals, so its up to businesses andgeneral consumersto ensure their devices are secure.IoTdevices aresignificantpotential risk factorsthat youmustconsiderin your risk assessment scenarios.Axio360 offers practical business solutions that you can useto discern what basic cybersecurity principles apply to your IoT devices when makingrisk management decisions.

Read more:
Never Gonna Give You Up: staying on top of IoT security risks - Security Boulevard