Emerging technologies including smart devices, machine learning, and the advent of 5G networks are powering new efficiencies in the Internet of Things (IoT). Analysts expect the total number of installed IoT connected devices to explode, with one projection estimating more than 75 billion worldwide by 2025.1 With so many devices connecting to the Internet from both home and business networks, it’s important to pay attention to data security to avoid security threats.
IoT devices often share the same networks used for our desktop computers and laptops. Traffic and data from devices like wearables, digital home assistants, and cameras, move freely and, in most cases, unencrypted over the network—and unfortunately their security vulnerabilities are well-known by hackers. Most IoT devices are connected 24/7 and have “significant bandwidth available, making them attractive targets for conscription into Distributed Denial of Service (DDoS) botnets.”2 Additionally, cybercriminals use these devices to enter enterprise or home networks, gather confidential data, and compromise privacy.
Known security vulnerabilities in IoT devices
There are many known IoT device security threats including unprotected network services and data transfer, lack of software updates or patches, and widespread use of insecure default settings. There is also an uptick in malware attacks on IoT devices that target devices running on old operating systems with known or guessable default passwords. For example, in June 2019, a 14-year-old hacker used the Silex malware to shut down more than 4,000 insecure IoT devices.3 Many security analysts believe these types of attacks against IoT devices will continue to evolve.
Bring your own device issues in the office
In a recent survey, nearly 80 percent of respondents said employees can’t do their jobs effectively without a mobile phone, and three-quarters deemed mobile devices essential to business workflows.4 However, the freedom of bring your own device (BYOD) at work without a well-defined policy in place can expose businesses to risk, causing security threats. Four out of five companies surveyed said they wouldn’t be able to identify all the IoT devices on their network.5 Unknown devices on the network provide a back door for hackers to get into your system. Businesses should adopt mobile device management systems to maintain control over devices.
Home-based IoT privacy risks
Many IoT devices lack the ability to update or patch software leaving personally identifiable and sensitive data permanently at risk and exposed to cybercriminals. As it stands now, too few IoT devices have basic security measures in place such as data encryption. Some wearable devices contain vulnerabilities that have allowed hackers to track a user’s location, listen in on conversations, and even communicate with the user.
Keep the hackers out of your IoT networks
As the number of connected IoT devices continues to grow, so will the amount of data they generate. Fortunately, there are a number of steps you can take to secure your IoT devices and protect your privacy.
Diamond Credit Union has partnered with CyberScout to offer comprehensive identity management services. If you detect suspicious activity or would like to proactively protect your identity, contact us at 610-326-5490 to be connected to a CyberScout fraud expert.