In recent years, we have watched on as the Internet of Things (IOT) has had an increasing impact on our lives and has transformed the way we work. This impact is predicted to continue, with the GSMA estimating that by 2030, there will be 38 billion connected IoT devices.
Whilst not always direct targets, IoT devices provide a growing area of concern for cyber security experts and leaders. Many IoT devices have not been built with a security focus, meaning that vulnerabilities such as poor encryption, irregular security updates and weak authentication make them a prime target for threat actors.
It has recently been revealed by the NCSC that a China-linked company has managed a botnet consisting of over 260,000 compromised devices around the world. These compromised devices include routers, firewalls, and IoT devices – which can then be used by the actors for a variety of malicious purposes, such as malware delivery and distributed denial of service attacks (DDoS).
Recommended Mitigations:
- Disable unused services and ports – Lock down any unused ports and review any services such as remote management options on devices and disable where not needed.
- Isolate IoT devices where possible – Try to use separate networks for IoT devices, removing any crossover with sensitive data.
- Apply security patches and updates – Where available from the vendor, apply security updates on a regular basis.
- Change default passwords – Many devices, including IoT devices will have default passwords that can often be found online. Change any of these in line with a strong password policy.