“The Internet of Things is a massive attack surface that grows bigger every day. These devices are often riddled with basic security problems and high-risk vulnerabilities, and they are becoming a more frequent target of sophisticated hackers, including cyber criminals and nation-states,” Brian Contos, CSO of Phosphorus, writes for TechRepublic.
For some time, security practitioners have thought of IoT-enabled attacks as lower level. We’re talking distributed denial of service and crypto-mining botnets. But the reality is that advanced threat actors are also using IoT devices to achieve persistence inside these networks while evading detection.
In our own analysis of millions of IoT devices deployed in corporate environments, we have found that both high-risk and critical vulnerabilities (based on the Common Vulnerability Scoring System, or CVSS) are widespread. Half of all IoT devices have vulnerabilities with a CVSS score of at least 8, and 20% have critical vulnerabilities with a CVSS score of 9–10. At the same time, these devices also suffer from a number of basic security failures, in terms of password protection and firmware management.
These risks with IoT can’t be eliminated, but they can be reduced. Click below to head to TechRepublic and read the 6 steps companies should take.