As we come into the last few days of Cyber Awareness Month, we take a look at connected devices.
Connected devices (IoT) has been leading discussions within the tech industry for a while now, almost every day there are new forms of IoT or even updated forms of IoT (such as second and third generation). IoT networks offer a range of capabilities that are desirable to not only individuals for personal use, but also businesses. Using this type of technology to make life easier at home or in the office is a huge benefit.
Internet-enabled devices are increasingly popular. These devices often go unnoticed, whilst simply appearing within network infrastructures and using wired or wireless connections alongside expanding the enterprise attack surface.
These connected devices have countless benefits, considerations must be made for how an increase of connected devices heightens the cyber-risk of making IoT networks more suspectable to cyber invasions and infections which can lead to information being compromised. More data is being shared through the IoT, among many more participants, but more sensitive data is being shared. As a result, the risks are exponentially greater.
IoT devices can be inherently insecure due to their easy setup and fairly negligent security measures. These devices are usually created to be used straight away with a minimal setup so users often aren’t often required to set up security precautions such as a password or any other type of authentication. In many cases, devices of the same make/model may come equipped with the same default password. Ultimately meaning that if you buy the same device as your neighbour, their device could have the same password, making both devices easy targets for cybercriminals.
According to Armis, by the year 2021, over 90% of these types of enterprise devices will not be manageable by traditional IT security tools. IBM also predicted that there would be the surpassing of 25 billion connected devices in 2020, this number is likely to continue increasing in the future. Alongside this, Business Insider Intelligence forecasts that there will be more than 64 billion IoT devices installed around the world by 2026.
One suggestion for connected devices has been to apply a cyber risk score to products as they are sold. This score could take the form of the cyber risk scores already developed by companies like Orpheus. Using known vulnerabilities, threat intelligence and an assessment of the individual product, a score could be developed. This visibility would encourage product developers and consumers to consider security alongside functionality. A cyber risk score would serve as a reminder to consumers that the product they are purchasing is not risk free. Consumers would be likely to consider that in the decision making process, hopefully choosing products that represented a smaller risk.
Cyber risk scores will become more prevalent in the coming years for organisations and would likely be quite recognisable to an increasingly security aware consumer base.