This morning, a security firm announced the findings of its Internet of Things (IoT) report, which found that an increase in personal IoT devices, such as fitness trackers and virtual assistants, are being connected to corporate networks and putting companies at risk from cyber-attack. Daniel Moscovici, Co-founder at Cy-oT commented below.
Daniel Moscovici, Co-founder at Cy-oT:
“We have seen organisations investing a lot of money in mechanisms to protect their networks, perimeters and endpoints, so attackers will use the path of least resistance in terms of attack surface – connected devices, especially in a wireless environment. However, organisations are unaware that it’s not only the corporate network that is in danger; its airspace is also under threat. Hackers can connect via P2P directly to these assets and, from there, get into the corporate network.
“IoT devices are exposed for multiple reasons. Some of them can have built in vulnerabilities, and are actually shipped from the factory as a hackable device or a ready to use botnet. IoT devices can also be exposed through their cloud or web application services, as these are often not adequately secured. The wireless networks surrounding IoT devices are also highly unprotected; think WPA2 vulnerabilities. Wireless infrastructures are very sensitive, especially where multiple devices from multiple vendors/users are concerned. Some will even be from outside your company walls – for example if an employee takes a company device and connects to a local Starbucks Wi-Fi.
“What is needed is a dedicated cybersecurity solution that monitors both the IoT device and its activity 24 x 7, and can neutralise the threat. By doing this, an organisation will be able to detect when and which devices are at risk, as well as mitigate the threat in real time without physically looking for it. The answer does not lie within the device itself, but with a solution that brings your Security Operations Team visibility and control.”