5G is a developing standard and a set of technologies that include MIMO, the use of the millimeter wave spectrum, small cell technology, and improved network management techniques. Together, they…
Jump To:
Internet of Things (IoT) devices have been introduced to business networks in growing numbers over the last few years. Smart internet-connected devices are useful in dozens of domains and are doing valuable work in logistics, security, monitoring, communications, production line management, manufacturing, data collection, and maintenance.
The degree to which these devices pose a security risk to the businesses that use them has not been widely appreciated, nor has the need for technical training and the recruitment of cybersecurity experts who understand how to securely integrate them into business networks.
Ever-Growing Data Storage and Connectivity in the IoT
According to Statista, in 2015 there were 15 billion Internet of Things devices in use. By next year that’s expected to grow to 30 billion devices, and over 75 billion by 2025. Because they have proven so useful, businesses are enthusiastically bringing IoT devices into their networks, sometimes with the oversight of IT departments and cybersecurity professionals, but not always. Employees may not realize that the cheap smart speaker they bring into the office to listen to music could also be the perfect entry point for an attacker.
The first global security disaster caused by lax IoT security occurred in 2019 when the Mirai botnet knocked sections of the internet offline with savage distributed denial of service attacks. Mirai was not a sophisticated piece of software; it scanned the internet for open Telnet ports and used a small dictionary of default passwords to take over tens of thousands of devices. Many of the devices dragooned in the Mirai botnet were inexpensive “smart” security cameras that were themselves woefully insecure.
New Tech Opportunities Present New Security Risks
A recent report from Zscaler shows that Mirai’s lessons have not been learned. Zscaler researchers looked at traffic on the company’s IoT cloud network and discovered over a thousand businesses with IoT devices that ranged from IP cameras and smartwatches to set-top boxes and industry control devices. They monitored 56 million IoT device transactions and observed that a large majority of devices communicated insecurely.
Among the security issues, Zscaler discovered plain-text HTTP communication between devices and servers, plain-text authentication, the use of outdated software libraries, and weak default credentials (the cause of Mirai’s success). Over 90 percent of IoT transactions were carried out over plain text — they could easily be intercepted by a man-in-the-middle attacker. Only 8 percent used SSL encryption for all communications.
It would be bad enough if insecure devices were on dedicated WiFi networks used primarily for non-sensitive communications. But in many cases businesses put insecure devices on the same networks that connect servers that store sensitive data and run business-critical workloads.
Is Your Business Prepared For the Internet of Things?
The issue is partly that businesses have not properly assessed the risk of adding insecure IoT devices to their networks, and partly that they buy inexpensive consumer devices that are not security hardened to a standard that meets the needs of business users.
As billions of smart devices are brought into businesses each year, there is a clear need for companies to cultivate IoT expertise through technical training and executive recruitment. The IoT is a transformative technology, the adoption of which will only be accelerated by the introduction of 5G, but it also represents a cybersecurity threat that many businesses are not yet prepared to deal with.
