IoT Security: Exploring breaches and countermeasures across industries

Some of the concerns come from the sheer volume of devices that need to be secured. Projections indicate that the worldwide number of IoT devices will nearly triple, rising from 9.7 billion in 2020 to over 29 billion by 2030.  The other concern is the types of devices involved. Hackers can exploit cars and medical devices, which are essential to daily life and yet have security vulnerabilities.

IoT devices serve as a primary access point for numerous attacks, according to Microsoft’s Digital Defense Report 2022. Despite efforts to increase the security of IT software and hardware, IoT security has not progressed at the same rate, the report states.

Introduction to IoT security: Why it matters

Hackers and cybercriminals are drawn to the vast amounts of data that these devices collect and share, making them an attractive target. For instance, even a simple IoT device like a baby monitor can be exploited to gather sensitive information such as credit card numbers or spy on a family.

There were 110 critical vulnerabilities in the second half of 2022, only 10 behind the peak number uncovered during the 2H of 2021, according to a report from Claroty. When it comes to healthcare, cybersecurity has been primarily associated with data privacy. However, an epidemic of ransomware means concerns now extend to patient safety, especially if life-saving systems need to be restarted because of an attack.

Although IoT devices offer numerous benefits, it is crucial to consider the associated risks. One of the most significant threats to IoT security is the lack of encryption on data transmissions, enabling unauthorized access to sensitive information and credentials.

The utilization of malware by cybercriminals to take over IoT devices or connected machines and engage in malicious activities has become a common occurrence across various industries, including automotive, manufacturing, consumer electronics, agriculture, retail, along with healthcare.

How are different industries affected by cyberattacks? What countermeasures can be taken to improve IoT security?

Healthcare Industry: The healthcare sector is grappling with the repercussions of IoT security issues in several ways. IoT devices are commonly utilized to monitor and control medical equipment, and if they are not appropriately secured, attackers may exploit them to access private patient information.

In November 2022, a cyberattack struck the All-India Institute of Medical Sciences New Delhi (AIIMS), causing extensive damage to its servers and the National Information Center’s eHospital network. The attack resulted in the manual management of all functions, including emergency, ambulatory, inpatient, and testing areas, for more than a week. The Delhi Police’s Intelligence Fusion and Strategic Operations unit registered a case of cyber terrorism and extortion but refuted any claims of AIIMS receiving a ransom demand of Rs 200 crores in cryptocurrency, which is typical in ransomware attacks.

Manufacturing Industry: Manufacturers are extremely concerned about the security of IoT, and incidents such as the one affecting the multinational aluminum manufacturer Norsk Hydro are why. Norsk Hydro, which operates in 40 countries, had to shut down several plants following a LockerGoga ransomware attack. Although the malicious code entered via an email system, the attack had a detrimental effect on IT systems in various business functions, including smelting plants situated in Norway, Qatar, and Brazil.

Automotive Industry: IoT security is a hot topic in the automotive industry.  According to Security Week, a team of seven security experts has discovered several vulnerabilities in vehicles manufactured by 16 car makers, allowing them to control car functions and start or stop the engine. Furthermore, the researchers revealed that numerous other security defects enabled them to access car makers’ internal applications and systems, which resulted in the exposure of personally identifiable information (PII) of customers and employees, as well as account takeover. The hacks targeted infrastructure, telematic systems, and automotive APIs. The affected car models included premium brands from Ferrari to BMW to even Rolls Royce. The car makers were notified, and they have released patches to fix the security issues.

There are different ways to improve IoT security

Safeguarding IoT devices against malicious attacks and unauthorized access is a significant challenge. Some best practices for security include:

• Keep devices secure by installing the latest security patches regularly.
• Segment the network to prevent unauthorized access and attacks.
• Use strong passwords for accessing software and implement multifactor authentication to enhance security.
• Take a layered approach to security by using multiple security measures, such as firewalls, antivirus software, and intrusion detection systems.
• Do not rely on default security settings, which may be vulnerable to attacks.
• Maintain a global access map to track and control access to your network and devices.
• Ask the manufacturer about SSL/TLS and use encrypted protocols to protect data in transit.
• Restrict internet usage on connected devices to enhance security.
• Protect important data by blocking programs behind a firewall or restricting access to certain software features.
• Install the most recent software on all network-connected devices to stay up to date with security features.
• Create a separate network for IoT devices to prevent unauthorized access to other devices.
• Implement security measures that ensure IoT-connected devices cannot be easily spoofed, such as assigning unique IDs to each device.

IoT security is a growing concern for individuals and organizations alike. As the number of devices connected to the internet continues to grow, so does the potential for security breaches. While there are many ways to secure IoT devices, it is important to consider all aspects of security when deploying these devices. By doing so, organizations can ensure that their devices are protected from potential threats.

About the author

Pooja Kanwar is an accomplished EV Trends Analyst at eInfochips. With her expertise in the electric vehicle industry, she brings a deep understanding of the latest trends, market dynamics, and emerging technologies shaping the EV landscape.

DISCLAIMER: Guest posts are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Edge Industry Review (EdgeIR.com).

Article Topics

cybersecurity  |  eInfochips  |  encryption  |  IoT  |  network segmentation  |  ransomware