It has been reported that 2.7 million businesses in the UK are leaving their corporate networks vulnerable to Internet of Things (IoT) hacks. Forty seven percent admitted to not updating default passwords on IoT devices when they’re added to corporate networks, and 15% admitted to not keeping security patches up to date. Natan Bandler, CEO and Co-Founder at Cy-OT commented below.
Natan Bandler, CEO and Co-Founder at Cy-OT:
“It is not surprising that such a large number of businesses in the UK are leaving themselves vulnerable to IoT hacks; way more than 2.7 million organisations should be worried. IoT devices are the easiest way in and out of an organisation as they are the weakest link in a company’s cybersecurity chain. Organisations have zero visibility into these devices, and they are not protected adequately.
“Even though, according to this research, 85% of businesses are keeping patches up to date, it is basically irrelevant. You can’t expect all devices to be patched; in fact there are often not even relevant patches available for all IoT devices. Organisations should not trust the IoT device itself, patched or not. It needs to protect itself and put mechanisms in place to secure its data and sensitive assets, especially as some of the IoT devices may not belong to the organisation itself.
“Insecure devices are the easiest way to get into an organisation, enabling cybercriminals to scan your network, install malware, conduct reconnaissance and exfiltrate data by bypassing other security mechanisms.
“What is needed is a dedicated cybersecurity solution that is monitoring both the IoT device and its activity, 24 x 7. By doing this, an organisation will be able to detect when and which devices are at risk. The answer does not lie within the device itself, but with a solution that your Security Operations Team can control.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.