IoT attacks could cause UK £1bn damage
May 2019 by Dutch software
Research from Dutch software firm Irdeto revealing that cyberattacks targeted at IoT devices could cost the UK more than $1bn per year. Commenting on this report, Matthew Aldridge, Senior Solutions Architect at Webroot, believes that the issue can be alleviated by businesses taking a more concerned approach to IoT devices, waving goodbye to the “set-up and forget” mentality:
“IoT devices have been embraced rapidly by consumers and enterprises alike. Having an array of connected devices, by their very nature, increases the potential attack surface of the network. When compromised they could grant an attacker access to sensitive and highly valuable data. This is the same regardless of whether the device is in a large enterprise or your living room. Businesses need to understand the risks of adding more and more IoT devices to the network and the possible consequences of being compromised.
Understanding how and what a device collects, stores and communicates is crucial to securing sensitive data. Routinely checking for the latest updates for the devices is important and resetting firmware periodically isn’t a bad idea. Manufacturers of these devices have a responsibility to businesses and consumers to ensure that security is built in during the development phase, with appropriate security controls in place with regards to the processing, storing and transmission of end user data, whether remotely or locally. Mechanisms need to be in place so that updates, when available, can be easily applied, while ensuring devices are easy to security harden, through the mandatory changing of default passwords for example.
Ultimately, making sure IoT devices are configured to be as secure as possible is essential – it’s goodbye to the ‘set-up and forget’ mentality. These devices and the network as a whole need to be continuously monitored, utilising the latest threat intelligence solutions layered with smart capabilities, such as machine learning, to intelligently deliver threat protection and help detect and stop attacks, particularly at scale. IoT devices need to also be carefully segmented from any more trusted areas of the network and attention must be paid to egress filtering as well as ingress. An informed and tactical approach will pay dividends towards keeping the whole organisation’s environment safe.”