IoT Cybersecurity, loT asset Protection, loT Risk Detection, and mitigation are key components of any loT security consulting exercise. With the increasing adoption of IoT in the post-pandemic environment, the threats to IoT deployments have also grown substantially. While cybersecurity practitioners are working towards fully understanding the cybersecurity implications of the ‘New Normal’, a few factors do stand out when it comes to IoT risk assessment and mitigation.
In this post, we identify the 8 biggest IoT cybersecurity challenges that have emerged in the last 8 months.
- The emergence of new actors: the last few months have seen the emergence of more sophisticated threat actors as many white hat hackers went rogue due to the absence of projects to work on. Besides, the demand for hackers from APT groups and other disruptive agencies has also increased manifold leading to these players running large recruitment campaigns on the Dark Web and forums to recruit new hackers.
- The pandemic has exposed several weaknesses that exist in the digital transformation matrix of various organizations including lack of multi-factor authentication, communication authentication issues, use of untested applications for collaboration and lack of sufficient cybersecurity oversight on key isolated and air-gapped infrastructure elements
- Rogue devices: virtualized rouge devices remotely controlled by hackers operating out of large device farms have been known to latch on to unprotected networks pretending to be legitimate devices. This challenge has grown substantially in the last few months because of the lack of device discovery options
- Perimeter focused security: use of firewalls and other mechanisms to control traffic at the gate left the core systems and networks vulnerable to rogue insider activity.
- Diffused workforce operating out of remote locations (work from home) accessing networks through compromised devices has become a matter of significant concern.
- Some IoT projects are in remote places that are not easily accessible. In such locations, hackers might use physical means to compromise devices and networks in-situ
- Easy availability of malware: malware shops have in the last 180 days dumped huge collections of highly potent malware some of which target yet to be uncovered vulnerabilities.
- Vast adoption of IoT without paying adequate attention to cybersecurity has led to a situation where many of the new IoT projects have become sitting ducks for hackers. Some of these projects may already have been compromised.
This indicates the gravity of the problem at hand. Some of the threats fall under the unknown unknown category which means that it will be a while before they are discovered and addressed.
It is high time we set aside traditional approaches to IoT risk detection and management and embrace new ones that will contain and eliminate new threats.
Embracing a zero-trust security approach that relies on renewing trust subscriptions frequently within the same active session is also the way forward.
To know more about Subexsecure’s offerings and to schedule a demo, call: +91 80 6659 8700
Click here to know more about how Subexsecure has been working with telcos across the globe to secure the IoT initiatives adopted by their customers.
Prayukth K V has been actively involved in productizing and promoting cross eco-system collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of cyber securing infrastructure, Prayukth has seen cyberattacks and defence tactics at close quarters.