By 2017, there will be 3.1 billion IoT devices out there. By 2020, Gartner predicts the number will jump to 20.4 billion. Without proper cybersecurity measures, they are sitting ducks for an attack. Is your organisation prepared for the revolution?
If not, you could leave yourself wide open to SQL injections, botnets, and brute force attacks. You shouldn’t merely rely on automatic updates, since many device manufacturers will not push them out very often, and several of these devices don’t support them in the first place.
The very first thing you should do is change the default password. As the Mirai botnet case has clearly demonstrated, cybercriminals often take advantage of secure backdoors installed by manufacturers with the combination of unchanged default passwords to infect the device.
Someone in your organisation must be assigned to carry out regular patches and ensure that updates have been applied properly. Keeping a list of connected devices that are related to the transfer of sensitive data is also a good idea.
Devices that aren’t routers or modems should always be located behind firewalls or secure gateways. Ideally, IoT devices should be on separate segments, and micro-segmented networks. That way, even if they somehow do get infected, the infection won’t spread to the rest of the network.
As IoT continues to rise in popularity, so will the number of cyberattacks. By properly educating yourself and your staff, and by putting proper policies in place, you will significantly reduce the chance of falling prey to them.