“IoT will become another ‘shadow IT’ headache”
IoT and firmware exploits will prove to be highly effective against both consumers and organizations.
DDoS attacks such as the Mirai-powered attack on Dyn and Krebs will continue to plague organizations, but the attacks will become more intelligent and focused, successfully executing data theft and escalation of privilege on enterprise systems.
IoT systems lack many of the protections that are commonly found in data center and Commercial Off-the-Shelf (COTS) systems. The systems are often low-powered, meaning that advanced encryption and data integrity functions are not available.
IoT systems are often designed by small teams that understand the physical problems being solved (cameras, thermostats, solar panels). They, however, often lack the expertise and resources to conduct the requisite security hardening of these systems.
The systems are headless and remotely managed, which often requires a “back door” account for system recovery. Software upgrades are subject to malicious code injection, as the IoT systems often lack the capability to cryptographically validate an update.
IoT will become another ‘shadow IT’ headache, as IoT-based devices increasingly pop up across enterprise departments. Facilities departments in particular will need to become more integrated with enterprise security as they deploy countless sensors and controllers.
This relationship will be especially important in organizations that maintain critical infrastructure (energy, utilities and transportation) as IoT and SCADA merge.
About Peter Kofod