#InfosecurityEurope: Internet of Things Continues to Pose Security Risk

The growing number of connected and interactive devices continues to threaten security and pose privacy risks, experts warn.

Speaking at Infosecurity Europe 2023, Madelein van der Hout, Senior Security and Risk Analyst at Forrester Research, and Peter Griggs, Principal Cyber Security Engineer at Transport for London (TfL), warned of the risks associated with the increased use of connected hardware, from smart speakers to surveillance cameras, which gives attackers easy access to both home and corporate networks.

Griggs suggested that connected devices “have gone from enablers to necessities.” But we risk taking their security and resilience for granted.

Research backs up the risks posed by connected devices. According to van der Hout, the number of companies experiencing attackers who “use IoT devices to break into their businesses” increased from 41% to 54% in the first months of 2023.

For Griggs, at least part of the problem stems from devices’ continued lack of basic security. “Things like default credentials are used to pivot to the network,” he said.

“These are closed-box devices. is increasing,” Griggs explained.

For example, companies may not want smart speakers in their boardrooms. “It’s a big challenge,” he said.

“The biggest problem is losing control,” Griggs added. “There used to be a process of buying IoT, but now it’s easy to get that equipment. You can get Alexa at lunchtime and connect to the network. It will allow us to have CCTV that can be viewed on the phone and allows for lateral movement.”

He added that organizations should try to isolate smart and IoT devices from corporate networks as much as possible.

However, the speakers said device vendors also need to do more to make their devices more secure.

EU legislation, in particular, requires manufacturers to ensure that they move away from default credentials that lead to easy compromise.

“Vendors need to stop using default credentials,” Griggs said. “It’s 2023! There are more things you can use to protect these devices.”


Better use of the Software Bill of Materials (SBOM) also helps end-user organizations identify potential vulnerabilities such as Log4J. But organizations also need to act to raise user awareness, Griggs added. They should also scrutinize their devices further and, if possible, try to monitor the data traffic those devices generate.

“You can’t stop IoT devices. The industry has moved from a culture of ‘no’ to a culture of enabling. But we need more recognition. I don’t want to put smart speakers in private places,” he concluded.
