Top 5 misconceptions of IoT network and device security

There is no shortage of opportunities that hackers are willing to exploit.

home security
Shutterstock

Security in multiples

The Internet of Things (IoT) describes an interconnected system of standalone devices, which communicate and transfer data within the existing internet infrastructure, providing greater insight and control over elements in our increasingly connected lives. With an estimated 30 billion connected devices to be deployed across the globe by 2020, the promise of a global Internet of Things is fast approaching, posing a whole new level of threats to connected organizations. To a potential attacker, a device presents an interesting target for several reasons. First, many of the devices will have an inherent value by the simple nature of their function. A connected security camera, for example, could provide valuable information about the security posture of a given location when compromised. Hackers are already using IoT devices for their malicious purposes in multiple types of attacks on networks and servers. DSL, DDoS and bot attacks in 2016 have proven that there is no shortage of opportunities that hackers are willing to exploit. Portnox explains these common misconceptions.

 

businessman relaxing stretching calm thoughtful 56515092
Thinkstock

Why would I care about the type of device that connects to the network? Someone has already approved it!

IoT devices seem to get all-access passes to corporate networks due to the assumption that they can bring no harm to your network.

FACT: What users fail to comprehend is that IoT devices are possibly the weakest point in the corporate network. When an IP connects to an internet forum that’s OK, but when that IP is an IP security camera, it probably means that, that IP security camera is compromised.

hackers shadows group gang
Thinkstock

Only IT teams connect IoT devices to the corporate network

The notion that only IT teams connect IoT devices to the organizational network doesn’t reflect our reality.

FACT: In reality, there are many instances where an employee can connect their own device to the corporate network without it being cleared by IT. For instance, a doctor might bring a medical device to help him better diagnose his patients, he just plugs the device into the hospital network and uses it. Since IT never checked its security settings, the hospital network becomes susceptible to malicious activity, such as the theft of patients’ medical records.

security lock
Thinkstock

If it’s a hardware device – it’s secure!

On-prem appliances provide security teams with a false sense that they are safer than other software-based solutions.

FACT: Once appliances leave the vendor, regular firmware patch updates are required. Appliances that have not been vigilantly updated with the latest firmware patch expose corporate networks to security risks.

device security
Martyn Williams/IDGNS

It’s OK to connect your point of sales (POS), PC and IP Security camera on the same network segment

What can potentially go wrong? It’s convenient and easy to define. There shouldn’t be any issues from a security stand point. Right? Wrong.

FACT: Since IoT devices are your weakest link, putting them on the same network segment as other devices, you not only put them at risk, you also make the hacker’s job much easier.

default settings
InfoWorld

If it’s up and running, it’s good to go!

Another common misconception is that if a device is working on default configuration, then that is enough. For example, setting up an IP camera on the network without first changing the default password.

FACT: This default configuration poses a significant threat by exposing the device to attacks from other unsecured devices. Failing to change the default settings on an IoT device can allow a hacker to remotely execute malicious code, spy on users, break devices, or recruit them into a DDoS botnet through a known backdoor. Most users do not bother to change factory default usernames and passwords, making the hackers’ lives much easier.