People using digital devices to facilitate home and office automation is a tech trend that doesn’t appear to be slowing down. It’s hardly uncommon today to hear about someone managing their thermostat through a Nest device or monitoring their front porch via smartphone with an IoT security camera. Voice assistants have been growing both in popularity and usability, with some speculating that they’ll become the control center of tomorrow’s “smart home.” For every household or office need, it seems that there’s a vendor launching a smart device to manage it remotely. When it comes to the Internet of Things, the technology is there and people are using it.
The best practices for managing IoT devices securely however, especially in a business context, haven’t kept pace with the speed of adoption.
CompTIA’s 2019 Trends in Internet of Things report points out that 63 percent of businesses indicate that IoT security is a critical skill for IT employees and 42 percent consider themselves in need of improvement in the secure management of IoT. Businesses – SMBs especially – are starting to realize that the device they installed to dim the lights could double as a backdoor to their data.
Let’s take a look at just where IoT is slipping through the fingers of cybersecurity professionals, and what it might mean in the future for businesses that want streamline their office workday experiences without opening new doors to emerging forms of data breaches.
Home IoT Users Get a Surprise; Will Enterprise Follow?
Reports of ghostly voices coming out of home IoT baby monitors may sound ripped from a Paranormal Activity movie, but the reality of this recent spate of IoT crank calls recalls something more science fictional that supernatural. Unnerving reports of hackers talking through wired baby monitors that they’ve compromised have been making headlines. In fact, some have even been from white hat hackers who have taken it upon themselves to spook parents with an audible heads up that the device is not secured.
That’s for private residences. If we think of larger enterprises utilizing such solutions as in-office security cameras, or even similar baby monitors for nursery areas, it’s easy to imagine scenarios where such attacks are carefully orchestrated and aimed at businesses for the purposes of data theft and, in bigger businesses, espionage and even blackmail.
Video- and audio-gathering devices raise previously unimagined cybersecurity conundrums to think through, but so do other smart devices with functions that can be exploited in unique ways. Compromising an office’s smart locks, for instance, could allow a criminal to just open the door for themselves after hours and grab what they want.
And it’s not just the function of individual devices that business IoT users need to take into consideration. Even the most innocuous, improperly secured devices can grant hackers access to the rest of a network, allowing them to circumvent traditional network security and take whatever data they can get their hands on.
SMBs: A Likely Target for an IoT Attack
The CompTIA IoT report points out that SMBs, which once considered themselves capable of flying under the radar of hackers, are now finding that their data is just as valuable to hackers as major enterprises. In fact, because they lack the financial resources of big enterprises to dedicate to cybersecurity, they could find themselves even more readily in the crosshairs of a cyberattack than a larger business.
An increase in the prevalence of IoT devices could compound this existing problem. If an SMB doesn’t have a skilled, trained staff managing cybersecurity on its traditional devices, it’s even more likely that the company will overlook devices not traditionally understood as potential cyberattack vectors in the first place. One of the central challenges of IoT security for SMBs (and businesses of all sizes) continues to be recognizing that everything on the network – whether it’s a laptop, a thermostat or, quite literally, a toaster – needs to be assessed as a potential vulnerability and secured correctly.
IT For All Devices: Unique Challenges and New Attitudes
As IoT usage continues to proliferate in office environments, there will be even more unique cases that make network security difficult to manage. We can imagine, for instance, an SMB renting an office in a space in which the building manager decides to install smart locks, but does not secure them properly, leaving the business vulnerable but unable to take the proper cybersecurity measures to reduce risk.
Or a person within a business unit could find an IoT device to streamline a particular aspect of their work day, set it up on their own and never bother consulting IT about it, unknowingly creating a vulnerability.
More and more varied IoT devices will only increase the potential number of ways that hackers can creatively target a broader range of businesses for any number of reasons. To address the growing problems, it will be critically important for businesses not to let IoT out of their sight; to work with their IT staff and security solution providers to assess the relative risk posed by any device and assure that anything on the network is properly accounted for and secured.
As this year’s CompTIA IoT report points out, the first step in such an approach is a matter of determining a new corporate attitude that balances innovation with security-mindedness. As with many of the new technologies that have hit the scene in recent years, businesses stand to gain a lot – but keeping cybersecurity in mind at every step is critical to doing so safely and successfully.
Read the full CompTIA 2019 Trends in Internet of Things report or check out these other complimentary resources that may interest you:
Matthew Stern is a freelance writer based in Chicago who covers information technology, retail and various other topics and industries.