In the consumer domain, Internet of Things (IoT) tech has long had a bad rap for shoddy security.
Homes today are flooded with connected devices — whether it’s an app-enabled espresso machine or a wifi-connected security camera. According to Statista, consumer electronics will account for 63% of all installed IoT (Internet of Things) units in 2020.
These devices can collect data on their users, which is fed back to service providers in order to help enhance their products. Manufacturing these devices is lucrative and, as demand climbs further consumers are increasingly purchasing cheaper, low-end devices. The problem is, security standards are generally pretty lax.
In the business world so far, the vulnerabilities and security pitfalls of consumer IoT haven’t been much of a problem — privacy-savvy execs might have stretched to turn off the office Alexa during a particularly sensitive meeting. But with only a third of workers set to return to the office by fall, the workers’ home has become the workplace itself; if it’s awash with unsecured IoT, that’s a serious cybersecurity issue. 15% of IoT devices owners still use default passwords, so chances are high that most businesses have at least one employee with a vulnerable device — a cyber attacker only needs access to one.
“The majority of IoT devices purchased for the home are relatively cheap and little effort is made to protect them at a hardware or software level at this end of the spectrum by manufacturers,” Darryl Jones, Director of Product Management for IoT, at digital identity specialist ForgeRock told TechHQ.
“From poor credential management, aging firmware, and redundant access points left in consumer devices to infrequent security updates, these are often insecure from the outset.”
In 2020, CISOs and their equivalents have been blindsided by a spike in attempted cybercrime. Phishing emails leveraging the circumstances have surged, while a sudden migration of the workforce to remote work led to a proliferation of new endpoints to protect. As businesses and workforces have gone online, criminals have followed in droves.
At the same time, in 2019 alone, cyberattacks on IoT devices were up 300% and are likely to have continued growing.
The most infamous example of IoT device vulnerability was the wave of Mirai botnet DDoS attacks in 2016, which, at one point, took down internet access on the whole east coast of the US. The US government initially suspected a rogue nation-state, but the culprit turned out to be a network of 400,000 compromised consumer IoT devices weaponized by a disgruntled Minecraft player.