• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Articles
  • News
  • Events
  • Advertize
  • Jobs
  • Courses
  • Contact
  • (0)
  • LoginRegister
    • Facebook
    • LinkedIn
    • RSS
      Articles
      News
      Events
      Job Posts
    • Twitter
Datafloq

Datafloq

Data and Technology Insights

  • Categories
    • Big Data
    • Blockchain
    • Cloud
    • Internet Of Things
    • Metaverse
    • Robotics
    • Cybersecurity
    • Startups
    • Strategy
    • Technical
  • Big Data
  • Blockchain
  • Cloud
  • Metaverse
  • Internet Of Things
  • Robotics
  • Cybersecurity
  • Startups
  • Strategy
  • Technical

Cut Corners: The Weak Link in IoT Cybersecurity

Tim Roncevich / 4 min read.
June 27, 2018
Datafloq AI Score
×

Datafloq AI Score: 60.33

Datafloq enables anyone to contribute articles, but we value high-quality content. This means that we do not accept SEO link building content, spammy articles, clickbait, articles written by bots and especially not misinformation. Therefore, we have developed an AI, built using multiple built open-source and proprietary tools to instantly define whether an article is written by a human or a bot and determine the level of bias, objectivity, whether it is fact-based or not, sentiment and overall quality.

Articles published on Datafloq need to have a minimum AI score of 60% and we provide this graph to give more detailed information on how we rate this article. Please note that this is a work in progress and if you have any suggestions, feel free to contact us.

floq.to/Wt3lL

Companies commonly overlook IoT risks. Many times they assume that they are being managed by a third party or don’t understand how IoT devices connect to their traditional network. But internet-connected devices could pose a major threat to your network’s security. They can be either a point of entry to your network or used to attack someone else’s system.

IoT devices can be particularly worrisome when you rely on employees to operate them securely. According to a 2017 Willis Towers Watson study, employee negligence is responsible for 66 percent of cyber breaches. Employees may not be malicious. But they could be careless. Their negligence could be your problem if your network is breached. Take these next two examples of how a lack of basic security best practices resulted in a massive exposure to risk ‘or worse, a massive attack.

IoT Entry Point Attacks

In 2015, researchers found that more than 5,000 U.S. gas stations were at risk of a breach because their automated tank gauges (ATGs) were on the public internet ‘without password protection. Trend Micro had also found examples of hackers attacking the devices, from simply modifying a gas tank’s product label to dangerously altering the tank’s behavior.

According to DarkReading, the problem has worsened, with 5,635 locations were found to be vulnerable in 2018. The exposed gas stations’ tank gauge data can be accessed by attackers as well as manipulated for fuel theft or other sabotage.

DDoS Attacks

Hackers used IoT devices infected with Mirai malware to launch a DDoS attack against DNS provider Dyn in 2016. According to Datafloq, the malware found and infected more than 500,000 IoT devices that were still using default passwords.

Although attacks on IoT devices ranked just tenth among the chief concerns of the 580 respondents to the 2017 Black Hat Attendee Survey, 34 percent of those cybersecurity professionals indicated that IoT security would be their #1 concern within two years. This makes sense as Gartner estimates that over 20 billion IoT devices will be connected by 2020, up from 8.4 billion in 2017, said cybersecurity evangelist Ken Mafli.

To mitigate these attacks, you can improve your IoT security by watching for these common cut corners.

1. No Passwords

Alan English, the director of brand development at fuel management application provider Veeder-Root, told DarkReading that problems can occur with ATGs because users do not properly configure the devices with strong passwords and place them behind a firewall. “Users need to maintain proper network safeguards, as they would for any other Internet-connected device in order to prevent outside traffic. This includes the use of firewalls and strong passwords, said English.


Interested in what the future will bring? Download our 2023 Technology Trends eBook for free.

Consent

2. Weak Passwords

Using passwords that hackers can easily guess can be just as dangerous as no passwords at all. Unfortunately, employees tend to use easily searchable names or terms as passwords. They also often use the same password for multiple sites, meaning that their IoT devices could be breached if their passwords are compromised elsewhere.

Natasha Lane, writing for Datafloq, recommends implementing multi-factor authentication to prevent human errors in cyber security. Multi-factor authentication verifies who a person is based on at least two of three elements: what they know, what they have, and who they are.

3. Using Secure Technology

IOActive’s Lucas Lundgren found that more than 65,000 IoT servers using the Message Queuing Telemetry Transport (MQTT) protocol on the internet were not using any authentication or encrypted communication. He also developed a tool that could attack MQTT-based servers, see the data being sent and received, and control the devices.

Lundgren presented at Black Hat USA 2017 on taking over the world through MQTT and noted that he could view coordinates for airplanes, electrical meter readouts, and the status of home alarm and automation systems. He also was able to send messages and commands, issue firmware updates to devices, and even open prison doors.

Using unsecured technology could potentially expose your entire network to attack. You must deploy end-to-end encryption with strong asymmetric encryption for any communication with the IoT device. Preferably, you should also deploy 256-bit symmetric encryption for any sensitive data-at-rest. This will ensure that your IoT devices are hardened against likely attacks.

Moving Forward

Human error and cut corners will always remain a factor in cybersecurity. But you can protect against data breaches by using a SOC 2 audit to confirm that you handle customer data properly.

Aimed at companies that store sensitive information for other organizations, SOC 2 reports detail the controls of the systems used to process data and the security and privacy of that data. This includes looking at factors such as password policies and IoT technologies. You will find areas where you are vulnerable and learn ways to improve.

IoT cybersecurity will continue to grow in importance as more workplace devices are connected to the internet and hackers seek to exploit their vulnerability. Protect your network ‘and your company ‘by avoiding cutting corners and helping your employees operate their devices securely.

Categories: Cybersecurity, Internet Of Things
Tags: Data security, internet of things, IoT

About Tim Roncevich

Tim Roncevich is a partner at CyberGuard Compliance. Tim worked previously at a large global accounting firm, where he specialized in SOC audits. With over 15 years of professional experience, Tim has an excellent diversity of skills to effectively serve his clients. Tim's industry expertise includes Service as a Software (SaaS), manufacturing, technology, banking, retail, consumer products, mortgage, and professional services.

Primary Sidebar

E-mail Newsletter

Sign up to receive email updates daily and to hear what's going on with us!

Publish
AN Article
Submit
a press release
List
AN Event
Create
A Job Post

Related Articles

The Advantages of IT Staff Augmentation Over Traditional Hiring

May 4, 2023 By Mukesh Ram

The State of Digital Asset Management in 2023

May 3, 2023 By pimcoremkt

Test Data Management – Implementation Challenges and Tools Available

May 1, 2023 By yash.mehta262

Related Jobs

  • Software Engineer | South Yorkshire, GB - February 07, 2023
  • Software Engineer with C# .net Investment House | London, GB - February 07, 2023
  • Senior Java Developer | London, GB - February 07, 2023
  • Software Engineer – Growing Digital Media Company | London, GB - February 07, 2023
  • LBG Returners – Senior Data Analyst | Chester Moor, GB - February 07, 2023
More Jobs

Tags

AI Amazon analysis analytics application Artificial Intelligence BI Big Data business China Cloud Companies company crypto customers Data design development digital engineer engineering environment experience future Google+ government Group health information learning machine learning mobile news public research security services share skills social social media software solutions strategy technology

Related Events

  • 6th Middle East Banking AI & Analytics Summit 2023 | Riyadh, Saudi Arabia - May 10, 2023
  • Data Science Salon NYC: AI & Machine Learning in Finance & Technology | The Theater Center - December 7, 2022
  • Big Data LDN 2023 | Olympia London - September 20, 2023
More events

Related Online Courses

  • Oracle Cloud Data Management Foundations Workshop
  • Data Science at Scale
  • Statistics with Python
More courses

Footer


Datafloq is the one-stop source for big data, blockchain and artificial intelligence. We offer information, insights and opportunities to drive innovation with emerging technologies.

  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Recent

  • 5 Reasons Why Modern Data Integration Gives You a Competitive Advantage
  • 5 Most Common Database Structures for Small Businesses
  • 6 Ways to Reduce IT Costs Through Observability
  • How is Big Data Analytics Used in Business? These 5 Use Cases Share Valuable Insights
  • How Realistic Are Self-Driving Cars?

Search

Tags

AI Amazon analysis analytics application Artificial Intelligence BI Big Data business China Cloud Companies company crypto customers Data design development digital engineer engineering environment experience future Google+ government Group health information learning machine learning mobile news public research security services share skills social social media software solutions strategy technology

Copyright © 2023 Datafloq
HTML Sitemap| Privacy| Terms| Cookies

  • Facebook
  • Twitter
  • LinkedIn
  • WhatsApp

In order to optimize the website and to continuously improve Datafloq, we use cookies. For more information click here.

settings

Dear visitor,
Thank you for visiting Datafloq. If you find our content interesting, please subscribe to our weekly newsletter:

Did you know that you can publish job posts for free on Datafloq? You can start immediately and find the best candidates for free! Click here to get started.

Not Now Subscribe

Thanks for visiting Datafloq
If you enjoyed our content on emerging technologies, why not subscribe to our weekly newsletter to receive the latest news straight into your mailbox?

Subscribe

No thanks

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

Marketing cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Please enable Strictly Necessary Cookies first so that we can save your preferences!