Internet of things (IoT) devices have seen year-on-year increases in business and personal use because they are usually convenient and easy to use. IoT devices are used for various purposes, from making smart homes to implementing a business’s security system. As with all internet-connected devices, some risks could expose users to external and possibly internal threats from malicious attackers.
Until recently, there was no security standard for IoT devices, resulting in a lack of security awareness and focus during development. However, there is now a European IoT standard (ETSI EN 303 645) to ensure a higher focus on security in IoT devices for manufacturers. This does not ensure vulnerabilities will not be present, but it will help reduce the risk to these devices. Alongside this, security testing should be done to increase awareness of the risks that are present.
Have you ever tested your IoT devices? These include, but are not limited to, cameras, printers, smart lock devices and security doors. IoT devices are usually not given much priority in testing, which leaves more vulnerabilities in your network that you are not aware of. Business implementations of IoT usually consist of security-related devices or devices used to handle or store sensitive information.
Both of these carry direct risks, where compromise could lead to attackers gaining sensitive information. However, these are not the only risks. Certain vulnerabilities may give attackers access to the internal network, allowing lateral movement and leading to the disclosure of more sensitive information. In some cases, this can result in complete compromise of your network. Do you want this to happen to you? If not, keep reading.
No, but being proactive and understanding what we can do is an excellent first step. The good news is the new European standard for IoT devices will help improve the standard of IoT security before it even reaches your hands.
This includes but is not limited to:
Does this mean IoT devices will be secure? No, but it will reduce the average risk from each IoT device. As you might have realized by now, this is not good enough for long-term security, but it is a start. Relying on manufacturers to provide secure devices is easier, but it does not guarantee that even basic security requirements will be met.
First, get a list of all IoT devices you own and ensure you are aware of how many there are of each. From here, get as many of these IoT devices security tested as you can to find the vulnerabilities missed by the manufacturers.
Next, apply all possible fixes to your IoT devices, and be prepared to remove some from your network if they contain critical risks with no known patches. Risk Crew recommends adding this to your annual testing portfolio. Your security is worth investing in, so make sure you do.
With the increase in IoT usage, it is important to be aware of what risks they may bring into your business and your home. By increasing your focus on security, you will be more aware of the potential threat and limit risks associated with IoT devices you use. The question now becomes, will you do your best to improve your security? Because we will.
Risk Crew offers a full portfolio of security penetration testing that includes IoT Security Penetration Testing. Visit our webpage or download our brochure to learn more.