Internet of Things (IoT) devices have become ubiquitous, transforming industries and revolutionising operations. In 2023, research body Statista forecast that the number of IoT devices worldwide would almost double in the decade between 2020 (15.1 billion devices) and 2030 (29 billion). However, amid the convenience and efficiency these devices offer, there lurks a dangerous adversary: cybersecurity vulnerabilities. Although the risks have been apparent for several years, many corporate executives overlook them. In truth, urgent attention and a shift in cybersecurity strategies are required.
Beyond Cyber Managing Director, Mynhardt van der Walt, points out, “The current state of cybersecurity readiness among companies, particularly in relation to IoT devices, leaves much to be desired. Despite widespread use of IoT devices, many organisations lack the capacity and understanding to effectively secure these devices.” The result? A massive blind spot in cybersecurity frameworks, where countless unattended IoT devices serve as potential entry points for malicious actors. Van der Walt says most companies underestimate the number of IP-enabled devices they have by two or three times.
IoT risk extends far beyond industrial control systems
While companies generally recognise the danger of exposed industrial control systems, the reality includes everything from security cameras and printers with scan-to-email functionality to ageing access control scanners. Unprotected security cameras – if default passwords aren’t changed – can enable threat actors to see when doors are unattended and who enters and exits a building, and potentially even to gain physical access if the control devices are similarly unprotected. These devices often operate unnoticed, their vulnerabilities overlooked because they are not perceived as “IT” devices or included in threat assessments. Even mundane devices like printers, when left unsecured, become repositories of sensitive corporate information, ripe for exploitation. “Consider that a printer with scan-to-email capability potentially retains every scanned document on a hard drive,” says van der Walt. “When that printer gets serviced, unencrypted scans of any sensitive documents may fall into the hands of unauthorised personnel.”
Seemingly innocuous devices can include personal devices brought into corporate environments. A PlayStation is effectively a fully-fledged Linux device and becomes a potent tool in the hands of a skilled hacker, capable of infiltrating internal networks with serious consequences. Similarly, Android TVs, trusted implicitly, can serve as invisible gateways to data breaches. An early and unconventional example is a fish tank that featured Internet connectivity so that it could be remotely monitored, automatically adjust temperature and salinity, and automate feedings. Forbes magazine reported as early as 2017 that it had enabled hackers to steal 10 gigabytes of data from a North American casino.
Unseen IoT Risks Imply Unknown Regulatory Compliance Risks
The consequences of IoT-related security breaches are not hypothetical; they are stark realities. From casinos compromised through fish tank sensors to the infamous WannaCry ransomware attack that infected more than 200,000 machines in over 150 countries, the fallout from IoT vulnerabilities can be catastrophic. Moreover, regulatory compliance and data privacy regulations loom large, imposing additional pressures on companies to fortify their cybersecurity defences.
Sometimes relegated to second-class concerns because of their non-mainstream status, IoT security threats pose no less of a danger to corporate fiduciary and privacy responsibilities than traditional cybersecurity threats. The fact that boards and C-suite executives may not be aware of the full scope of the IoT challenge only exacerbates the situation.
In the face of these escalating threats, a paradigm shift is imperative. Companies must adopt a zero-trust approach that extends to all devices within their networks, irrespective of size, perceived importance or origin (private or company assets). Regulatory compliance must not be viewed as a mere checkbox exercise but as an essential component of holistic cybersecurity strategies. And crucially, executives must recognise that the cost of inaction far outweighs the investment required to safeguard against IoT-related threats – even though exchange rates make the cost of securing cameras, printers and the like seem excessive.
While the challenges posed by IoT cybersecurity are formidable, they are not insurmountable. By prioritising awareness, education, and proactive measures, companies can navigate the treacherous waters of the IoT landscape with confidence.
About Beyond Cyber
Beyond Cyber is a cybersecurity trailblazer, dedicated to safeguarding your success. With a legacy of pioneering cybersecurity solutions long before it became mainstream, we stand out for our genuine client partnerships and tailored approach that go beyond technical services and solutions. The fact that 90% of our clients come from referrals underscores the value we deliver and the relationships we cherish. At Beyond Cyber, we prioritise relationships over transactions and integrity over profit.
At the same time, we deliver exceptional service based on market-leading products from the world’s top cybersecurity product manufacturers to protect businesses from ever-evolving cyber threats. Our aspiration is to be synonymous with cybersecurity excellence, recognised for our expertise in niche markets and critical products. We thrive on solving problems and addressing the unique challenges our clients face. Learn more about how Beyond Cyber can safeguard your success at www.beyondcyber.io.