What risks do IoT security issues pose to businesses?

The Internet of Things (IoT) can increase efficiency, but it also comes with new risks. Find out why and how to protect your
business in our article.

IoT security is the protection of Internet of Things devices from attack. While many business owners are aware that they
need to protect computers and phones with antivirus, the security risks related to IoT devices are less well known and their
protection is too often neglected.

Internet of Things devices are everywhere. From cars and fridges to monitoring devices on assembly lines, objects around us
are increasingly being connected to the internet. The speed at which the IoT market is growing is staggering - Juniper
research estimates that the number of IoT sensors and devices is set to exceed 50 billion by 2022.

While consumer IoT devices allow lifestyle benefits, businesses are quickly adopting IoT devices due to high potential for
savings. For example, after Harley-Davidson turned their York, Pennsylvania plant to a ‘smart factory’ using IoT devices in
every step of the production process, they reduced costs by 7% and increased net margin by 19%.

What are the security issues in IoT?

While IoT devices can greatly increase productivity for businesses, they also come with risks. Since IoT devices are
connected to the internet, they can be hacked just like any other internet-enabled device.

To sufficiently protect your network, it’s essential to understand the security vulnerabilities of IoT devices. One of the key
IoT security issues is the expansion of attack surfaces due to an increased number of endpoints. In a network, endpoints are
the devices that are connected to the internet at large - each offering a point of entry to bad actors, exposing the network to
outside risks.

The attack surface of a network consists of all the possible places where it can be attacked, and it expands with every new
internet-connected device. Even if the chance of one device being accessed by a perpetrator is small, the large number of
IoT devices being brought into businesses can create a significant security risk.

The biggest
IoT threats to businesses
Here are some of the major risks to a business network without proper IoT cybersecurity:
Access to sensitive data

One of the main IoT challenges is that the devices often record, have access to, and stream sensitive data. Security systems
such as cameras and doorbells are increasingly a part of small business networks, and can quickly create major issues if
hacked by a cybercriminal. Office equipment, such as printers, are also potential access points - a compromised printer could
easily mean that the attacker can view everything that is printed or scanned in an office.

Sabotage

A hacked IoT device will allow the attacker to access its functions. While a coffee-maker might not allow an attacker to do
anything more dangerous than brewing a latte, a hacked heating system or machinery can create far more disruption to a
business. A bad actor could potentially hold a vehicle and its occupants hostage or demand payment to stop the sabotage of
an assembly line.

Botnets

Cybercriminals can bring together huge numbers of infected devices into networks called botnets. These botnets can be used
for a variety of things, but they are best known for their use in DDoS attacks.

DDoS (Distributed Denial of Service) attacks send out a targeted stream of network requests from infected devices to the
server, computer, or network that the bad actor wishes to bring down. As there are too many network requests for the target
to handle, it crashes, and becomes unavailable for real users. In 2016, a botnet brought down some of the biggest sites,
including Twitter and Netflix, using a DDoS attack.

Which industries are most vulnerable to IoT security threats?

While IoT devices can pose a security risk to any businesses that don’t take steps to secure their networks, some industries
are especially vulnerable to attacks.

Industries that will face the highest risks are those where IoT devices are not just used as tools to help productivity but are
being integrated into the very core of the business’s operation. For example, the use of IoT devices in manufacturing may
provide huge benefits to efficiency, but when production processes become completely reliant on smart technology, a single
attack has the potential to render a factory inoperational.

In 2010, the Stuxnet virus infected a uranium enrichment plant in Iran and caused permanent damage to centrifuges. While
it’s likely that no one will use such a sophisticated attack against a small business, IoT malware is developing at a fast pace –
any business using unsecured IoT devices in their manufacturing process could one day find their operation held hostage by
hackers.

The owners of any small business that records confidential customer information should also be concerned about the risks.
Webcams, printers, security cameras, and digital doorbells are just some of the devices that can potentially be hacked and
reveal confidential information to attackers through their cameras and microphones. It’s just one of five key endpoint threats
that pose a risk to small businesses.

How to maintain IoT security

While securing your endpoints and network will depend on what types of devices you have, there are certain precautions
that will help you to secure any type of IoT gadget or appliance.

Use strong passwords

Having strong passwords is always important, but especially so for IoT devices. With a weak password, taking control of an
IoT device through its own interface or web portal is trivial. What’s even more concerning is that many IoT devices come
with default passwords, which many users don’t change – meaning that the attacker may already know the password to your
device.
Strong passwords on the rest of your network will also add a second line of defence if an attacker does gain access through a
device – stopping or hindering their attempts to access files, databases, and other devices. Changing the password on your
router to a long and strong one is especially important, as a compromised router quickly leaves the whole network
vulnerable.

Network security
Ensure that you have an up-to-date, secure router, with a firewall enabled. Your router can be the first point of attack – and
if your router is compromised it will leave your entire network vulnerable. Installing an endpoint security solution that
allows you to discover vulnerabilities in your network – for example, one with a scan feature such as Avast’s Wi-Fi
Inspector - is essential.

Patches

Responsible manufacturers will release security updates for their IoT devices when vulnerabilities are discovered. Ensuring
your devices are patched regularly with the latest updates is important. If you have a device that doesn’t receive updates,
consider the benefits of the device against the potential impact on your business in the event of an attack.

Consider necessity
As there is a growing market for IoT devices, manufacturers are eager to pump out large numbers of them, and may not
spend much time developing their product’s security. While IoT devices can be highly useful, consider whether your office
kitchen really needs that internet-enabled toaster or kettle.

While the benefits of new technology always seem exciting – especially for small business owners looking to save money
and increase productivity – it’s important to take time to understand the risks that come with it. IoT devices have the
potential to bring efficiency improvements to many industries, but steps should also be taken to ensure they don’t leave your
network vulnerable to malicious actors.