Blog IoT

4 Common IoT Security Vulnerabilities and How to Overcome Them

Kendra Luciano Managing Editor, Content Marketing Published 25 Mar 2021

When it comes to IoT, it’s easy to get lost in the big picture. Statista projects global IoT spending to surpass $1 trillion by 2023. On the consumer side in smart home systems alone, 2020 showcased spending of  $115 billion. Before you get lost in the pink cloud of opportunity, it’s critical to stay grounded – knowing the average cost of a data breach in 2020 was $3.86 million should help.

Today we’ll explore 4 common IoT security threats, and how your organization can avoid them.

  1. Weak passwords are the dead horse we continue to kick, but warn as we may, this is major issue. There are two sides to this coin: choosing predictable passwords and not changing a device’s default password. The onus falls on IT admins to ensure a brute force attack isn’t all it takes to penetrate your network. Complex passwords that are changed with regular frequency can go a long way in protecting organizational interests.
  2. Poor privacy protection is unacceptable. The most valuable commodity in business today is data. The hundreds or thousands of devices comprising your IoT deployment collect and store sensitive information. Recent research noted 91.5% of enterprise IoT communications are in plaintext, which means a savvy hacker could do as he or she sees fit with the “score.” To the 8.5% leveraging SSL: well done.
  3. Security updates are critical. What is your update process? Encryption is necessary, as organizations must be able to send real-time updates to endpoints. If there is no firmware validation, security monitoring or patch delivery, then devices are left with code vulnerabilities and running outdated software.  Audit your update process. The time now will save you money later.
  4. Shadow IoT is a growing threat to enterprise IoT. Healthcare is arguably the most impacted arena, and ZK Research notes 95 percent of healthcare deployments included Amazon Alexa and Echo devices active in the same environment as medical monitoring equipment. The possible HIPAA violation is the beginning of the nightmare. ZK Research also pointed out another major caveat, 61% of IT lack confidence in knowing what devices are connected to the network. If you were curious, that number jumped by 10% in recent years. Success against Shadow IoT is found in strict device policy and the deployment of comprehensive security solutions to offer much-needed visibility.

Developing a coherent and effective security strategy starts with the right partner. With ExtremeControl, IT gains granular policy control from the edge to the data center into the multicloud, delivering context-based control, simple and secure onboarding, all via single pane of glass.

Is your Wireless Intrusion Prevention System (WIPS) up to the task? A comprehensive Wireless Intrusion Prevention System enables active monitoring of devices on net, offers centralized management, and supports both dedicated and radio-share sensing modes. 

These are a couple of tools to fortify security positioning and evolve toward full visibility, policy consistency, more accurate asset tracking, and faster vulnerability detection. A segmented network is moving in the right direction, but security is a ever-evolving journey, not a destination.

The truth about IoT security is organizations are not doing enough to minimize risk. Every device, every network layer, every user plays a pivotal role in protecting enterprise interests. Safeguarding an IoT deployment is complex, but there are simple steps a business can take to put its best foot forward.

Get the latest stories sent straight to your inbox!

Related Enterprise Stories