With the growing use of IoT devices there has been an increase in cyber attacks against these, using various exploitable vulnerabilities. In the first two months of 2023 there was an average of almost 60 attacks per organization per week targeting IoT devices: 41 percent higher than in 2022, and more than triple the number of attacks from two years ago.
These IoT devices attacked range from a variety of common IoT devices like routers, IP cameras, DVRs (digital video recorders) to NVRs (network video recorders), printers and more. IoT devices such as speakers and IP cameras have become increasingly common in remote work and learning environments, providing cybercriminals with a wealth of potential entry points.
One contributing factor to this increase is the rapid digital transformation that occurred in various sectors during the pandemic. This transformation, driven by the need for business continuity, often took place without proper consideration of security measures, leaving vulnerabilities in place, says Check Point Research.
Cybercriminals are aware that IoT devices are notoriously one of the most vulnerable parts in the networks, with most not properly secured or managed. With IoT devices like cameras and printers, its vulnerabilities and other such unmanaged devices can allow direct access and significant privacy violation, allowing attackers an initial foothold into corporate networks, before propagating inside the breached network.
How can organizations protect themselves against IoT attacks
With the increase reliance that organizations have on IoT devices for daily operations, it is crucial that they remain vigilant and proactive in securing these devices. Some steps that can be taken to improve IoT security include:
- Purchasing IoT devices from reputable brands that prioritize security, implementing security measures inside the devices before distribution to market.
- Practicing password complexity policies and using multi-factor authentication (MFA) when applicable.
- Ensuring connected devices are updated with the latest software and maintaining good device health.
- Enforcing zero-trust network access profiles for connected assets.
- Separating networks for IT and IoT when possible.