Unsecured IoT Devices Give Hackers a Backdoor Into Your Network - Get Protected Now

2023-01-15

关注

Unsecured IoT Devices Give Hackers a Backdoor Into Your Network — Illustration: © IoT For All

Internet of Things (IoT) devices have become common in today’s workplaces. This trend is largely positive, too, with these gadgets offering many tangible benefits like increased efficiency and real-time data insights. However, you should also consider vulnerabilities when setting up these networks – including having unsecured IoT devices.

'Workplaces are implementing more IoT devices, and many unknowingly provide cybercriminals with an expanding world of opportunities.' -Emily NewtonClick To Tweet

Workplaces are implementing more IoT devices, and many unknowingly provide cybercriminals with an expanding world of opportunities. It’s certainly possible to use these systems safely, but it requires action that many businesses and users overlook. Here’s a closer look at how unsecured IoT devices can create vulnerabilities and how to secure them.

How IoT Device Vulnerabilities Endanger Your Network

The Internet of Things has become just as popular among cybercriminals as it has with users. One report from cybersecurity firm Zscaler found that IoT attacks rose by 700 percent year over year between 2019 and 2020. Here are a few of the most significant reasons.

Lateral Movement

The biggest reason IoT device vulnerabilities are such a threat is that they expand your attack surface. The more items there are on a network, the more potential entry points hackers have into it. Consequently, modern businesses’ rapid IoT adoption means cybercriminals have more opportunities than ever to breach these systems.

Conventional electronics like computers present a similar issue, but the danger of IoT devices is that they don’t seem critical at first. However, cyberattacks often target the weakest link and move to more sensitive systems and data. An IoT thermostat may seem innocuous, but a hacker could use it to break into the network and jump to a work computer or server.

This concept is called ‘lateral movement,’ and it can be difficult to manage if you don’t know about it. As a result, IoT adoption without improved security can endanger your whole network.

Limited Built-in Protections

Compounding the threat of lateral movement is the fact that many IoT devices lack sufficient built-in security. Anti-malware software, automatic updates, and encrypted traffic are almost standard in computers and other workplace electronics. That’s not the case with the Internet of Things.

IoT devices tend to serve specific functions and come in small packages, so they may not have the computing power to support advanced protections. The security software you use on other items may not work on IoT, leaving holes in your security.

Poor default settings take IoT device vulnerabilities further. These gadgets often have weak passwords, with “admin” appearing 21 million times in a mere month of study. Similarly, multifactor authentication (MFA) and network encryption are often off by default.

IT Sprawl

The way IoT devices contribute to IT sprawl presents another challenge. Companies may have more connected devices on their networks than they realize, making it harder to understand the risks.

IT managers likely know all the companies’ IoT devices, but employees’ personal devices muddy the waters and create more unsecured IoT devices. Smartwatches and other wearables are becoming more popular, and workers are bringing potentially unsecured endpoints to company networks without administrators knowing. This may seem harmless at first, but it heightens the risk of lateral movement.

It’s hard to track every device employees may connect to the company network. It’s even harder to verify their security, as these gadgets likely lack the protections that IT professionals require from business items. Consequently, consumer devices may pose a risk even if a workplace has no IoT networks of its own.

How to Secure IoT Devices

IoT device vulnerabilities are concerning, but thankfully, they’re fixable. Once businesses know how these gadgets can threaten their networks, it’s easier to protect them. Here are a few of the most important steps to secure these items.

Segment Your Network

One of the most critical security steps is to segment networks. This addresses IoT’s most significant vulnerability: lateral movement. Potentially insufficient security is less of a concern if it’s impossible to jump from an IoT device to a more sensitive endpoint.

There are two main approaches to this step: using entirely separate networks on different routers or setting up guest networks for IoT devices. Some routers can support up to six guest networks, making segmentation easy, but using separate hardware may be more secure. That way, the router won’t become a potential access point to sensitive data.

Remember to create a dedicated network for employees’ personal devices, too. Businesses often use a guest network for customers. However, they should also have one for workers’ phones, smartwatches, and other gadgets to ensure their lack of security doesn’t endanger critical systems.

Change Device Settings

Another important step to secure IoT devices is to change their settings from weak defaults. The most obvious culprits here are passwords. Before letting anything else connect to an IoT device, you should change the password to something stronger and enable MFA if the system supports it.

Next, businesses should ensure they encrypt all IoT data. You may have a few encryption options on some more advanced devices, and if that’s the case, go for the strongest one possible. You can also change your router settings to encrypt network traffic as an added layer of protection.

Updates are another area where IoT default settings often fall short. Enable automatic updates to ensure your firmware always has the latest protections, and choose devices with verification tools.

Employ Stricter Device Policies

Companies should revisit their device policies. Bring-your-own-device (BYOD) policies are almost a standard practice today, with 83 percent of companies allowing them for at least some employees. However, only 32 percent require workers to register them to install security software, creating vulnerabilities.

Even if businesses don’t require personal IoT devices to have security software, they should ensure employees register them. That way, network administrators have a better idea of what their attack surface looks like, making securing it easier.

Companies with particularly sensitive data may want to ban personal IoT devices in the workplace to limit unsecured IoT devices. This restriction can help minimize IoT device vulnerabilities, whether that applies to all employees or just those working with sensitive systems.

IoT Device Vulnerabilities Deserve Attention

Device manufacturers may improve built-in security features as IoT security issues become more prevalent and businesses emphasize IoT security. That will make it easier to secure IoT networks, letting you experience their full benefits without worrying about their vulnerabilities.

IoT has many pluses, but if companies don’t address its shortcomings, it could be more dangerous than it’s worth. Learning about vulnerabilities and following these steps will help businesses ensure IoT security pitfalls don’t counteract their advantages.

IT and Security
Cybersecurity
Internet of Things

IT and Security
Cybersecurity
Internet of Things

参考译文

不安全的物联网设备为黑客提供了进入网络的后门，现在就受到保护

物联网(IoT)设备在今天的工作场所已经变得普遍。这一趋势在很大程度上也是积极的，因为这些设备提供了许多切实的好处，比如提高效率和实时数据洞察。但是，在设置这些网络时也应该考虑漏洞——包括使用不安全的物联网设备。工作场所正在实施更多的物联网设备，许多人不知不觉地为网络犯罪分子提供了一个不断扩大的机会世界。安全使用这些系统当然是可能的，但它需要许多企业和用户忽视的行动。下面详细介绍不安全的物联网设备如何产生漏洞，以及如何保护它们。物联网在网络罪犯中和在用户中一样受欢迎。网络安全公司Zscaler的一份报告发现，2019年至2020年期间，物联网攻击同比增长了700%。以下是一些最重要的原因。物联网设备漏洞是一种威胁的最大原因是它们扩大了你的攻击面。网络上的项目越多，黑客进入网络的潜在入口就越多。因此，现代企业快速采用物联网意味着网络犯罪分子比以往任何时候都有更多机会攻破这些系统。传统的电子产品，如计算机，也存在类似的问题，但物联网设备的危险在于，一开始它们似乎并不重要。然而，网络攻击往往以最薄弱的环节为目标，转移到更敏感的系统和数据。物联网恒温器似乎无害，但黑客可以利用它闯入网络，跳转到工作计算机或服务器。这个概念被称为“横向移动”，如果你不了解它，就很难管理。因此，在没有提高安全性的情况下采用物联网可能会危及您的整个网络。许多物联网设备缺乏足够的内置安全性，这加剧了横向移动的威胁。反恶意软件、自动更新和加密通信几乎是电脑和其他工作场所电子设备的标配。但物联网却不是这样。物联网设备往往具有特定的功能，而且包装较小，因此它们可能不具备支持高级保护的计算能力。你在其他物品上使用的安全软件可能在物联网上不起作用，从而给你的安全留下漏洞。糟糕的默认设置进一步加剧了物联网设备的脆弱性。这些小工具的密码通常很弱，仅在一个月的研究中，“admin”就出现了2100万次。类似地，多因素身份验证(MFA)和网络加密通常在默认情况下是关闭的。物联网设备促进IT扩张的方式提出了另一个挑战。公司网络上的联网设备可能比他们意识到的要多，这让他们更难理解其中的风险。IT经理可能知道所有公司的物联网设备，但员工的个人设备把水搅浑了，创造了更多不安全的物联网设备。智能手表和其他可穿戴设备正变得越来越流行，员工们正在将可能不安全的终端带到公司网络，而管理员却不知情。这可能一开始看起来无害，但它增加了横向运动的风险。很难追踪员工可能连接到公司网络的每台设备。验证它们的安全性更加困难，因为这些设备可能缺乏It专业人员对业务项目所需的保护。因此，即使工作场所没有自己的物联网网络，消费者设备也可能构成风险。物联网设备的漏洞令人担忧，但幸运的是，它们是可以修复的。一旦企业知道这些小设备如何威胁他们的网络，保护它们就更容易了。这里有一些保护这些物品的最重要的步骤。最关键的安全步骤之一是对网络进行分段。这解决了物联网最重要的漏洞:横向移动。如果不可能从物联网设备跳转到更敏感的端点，那么潜在的安全性不足就不那么令人担忧了。这一步主要有两种方法:在不同的路由器上使用完全独立的网络或为物联网设备设置客户网络。一些路由器可以支持多达六个客户网络，使分割变得容易，但使用单独的硬件可能更安全。这样，路由器就不会成为敏感数据的潜在接入点。记住要为员工的个人设备创建一个专用的网络。企业经常使用客户网络。然而，他们也应该为员工的手机、智能手表和其他设备安装一个安全系统，以确保他们缺乏安全措施不会危及关键系统。保护物联网设备的另一个重要步骤是将其设置从弱默认值更改为弱默认值。这里最明显的罪魁祸首是密码。在让其他任何东西连接到物联网设备之前，您应该将密码更改为更强的密码，并在系统支持的情况下启用MFA。其次，企业应确保对所有物联网数据进行加密。在一些更高级的设备上，你可能有一些加密选项，如果是这样的话，尽可能使用最强的加密选项。您还可以更改路由器设置，以加密网络流量作为额外的保护层。更新是物联网默认设置经常达不到的另一个领域。启用自动更新以确保您的固件始终具有最新的保护，并选择带有验证工具的设备。公司应该重新审视他们的设备政策。如今，自带设备(BYOD)政策几乎是一种标准做法，83%的公司至少允许部分员工这样做。然而，只有32%的公司要求员工注册安装安全软件，这就产生了漏洞。即使企业不要求个人物联网设备安装安全软件，也应该确保员工注册这些设备。这样，网络管理员就能更好地了解他们的攻击面是什么样的，从而更容易保护它。拥有特别敏感数据的公司可能希望禁止在工作场所使用个人物联网设备，以限制不安全的物联网设备。这一限制有助于最大限度地减少物联网设备漏洞，无论是适用于所有员工，还是仅适用于那些使用敏感系统的员工。随着物联网安全问题越来越普遍，企业也越来越重视物联网安全，设备制造商可能会改进内置安全功能。这将使物联网网络更容易保护，让您体验它们的全部好处，而不用担心它们的漏洞。物联网有很多优点，但如果公司不解决它的缺点，它可能会比它的价值更危险。了解漏洞并遵循这些步骤将有助于企业确保物联网安全缺陷不会抵消其优势。

您觉得本篇内容如何

评分

声明：本文内容及配图源自互联网收集，目的在于传递更多信息，并不代表本网赞同其观点或证实其内容真实性，不承担此类作品侵权行为的直接责任及连带责任。如涉及作品内容、版权等问题，请联系本网处理，侵权内容将在一周内下架整改。