The Internet of Things (IoT) has become a staple in our everyday lives. Whether it’s remotely switching on the heating to ensure the house is warm when we arrive home, or boiling the kettle before we’ve even dragged ourselves out of bed, IoT is undoubtedly engrained into our daily lives - and its presence is only set to grow.
By: Martin Hodgson, Country Manager UK & Ireland, Paessler.
It’s projected that by 2025 there will be more than 75 billion connected devices - that’s more than triple the number of connected devices currently in existence.
This makes security solutions for data traffic in IoT all the more important. As with most technological developments, there have been waves of concern around the impact of IoT - and rightly so.
Entrenched in our homes, work, and near enough every other aspect of our lives, we’re increasingly giving devices access to our most personal and sensitive information. The value exchange of convenience for data means that we’re willing to share insights which we’d normally keep under lock and key such as logins and password - but at what cost?
Our digital assistance systems such like Siri, Alexa and even Google Home mean networking penetrates deeply into the most private sphere of users lives. Perhaps of more concern is that these IoT devices have also weaved their way into our businesses. Ultimately, the consequences of a business device being hacked can be much more serious. In fact, in some extreme cases, if IoT isn’t approached with caution, then the existence of a company can be at stake.
So, how easy is it to hack an IoT device?
In short: it is comparatively easy. IoT connects technical (production) systems - sometimes also work pieces or raw materials - to the web via standardised communication interfaces. This opens up the possibility of monitoring and control, not only for authorised users but anyone that knows how to gain access.
From there, hackers can either collect information about the respective systems, or they can take control of the systems concerned and, for example, trigger malfunctions. In some cases, all cyber criminals need to do to make this happen is to simply gain access to a password - it’s that easy.
Shockingly, rather than creating unique passwords for each system, many manufacturers use the same standard log-in data for all their devices to cut down on costs. Furthermore, if users create their own passwords, then it’s often a word they’ve used for other logins in their personal or work lives.
In fact, recent research highlights that 75% of people reuse their passwords across different accounts and remember, a hacker only needs to crack one password before the entire connected chain is affected.
What can be done to prevent this?
A possible and effective solution to improve security in IoT would be to allow users to easily change the login data for their smart devices, reminding them to use passwords that aren’t currently in use elsewhere.
Changing the login data regularly would significantly reduce the number of ‘vulnerable’ devices, making it much harder for hackers and bots to enter IoT devices and infiltrate our businesses and homes. IoT device manufacturers could also assign a unique, randomly generated password to each device and send it to the customer along with the device.
Using a network monitoring system will allow users to identify areas of weakness within their networks, highlighting potential issues and therefore helping to prevent attacks. Maintaining the health of the entire network, regardless of the type and number of devices, whilst upholding security standards are both essential.
Monitoring is key in keeping things moving and provides a holistic view of the entire network for the IT team. Having complete visibility of the network is paramount in maintaining cyber secure networks at all times.
IT administrators should be preparing their networks today to face the influx of connected devices expected in the not-too-distant future. To avoid your workplace network becoming a target for cyber criminals, it’s important to ensure you have clear visibility across all devices in the workplace.