IoT hacking and remote work: How consumer devices increase security risks

IMAGE CREDIT:
Image credit
iStock

IoT hacking and remote work: How consumer devices increase security risks

IoT hacking and remote work: How consumer devices increase security risks

Subheading text
Remote work has led to an increased number of interconnected devices that can share the same vulnerable entry points for hackers.
    • Author:
    • Author name
      Quantumrun Foresight
    • March 2, 2023

    Internet of Things (IoT) devices went mainstream during the 2010s without a serious effort to develop their security features. These interconnected devices, such as smart appliances, voice devices, wearables, up to smartphones and laptops, share data to function efficiently. As such, they also share cybersecurity risks. This concern took on a new level of awareness after the 2020 COVID-19 pandemic as more people started working from home, thereby introducing interconnectivity security vulnerabilities into their employers' networks.



    IoT hacking and remote work context 



    The Internet of Things has become a significant security concern for individuals and businesses. A report by Palo Alto Networks found that 57 percent of IoT devices are vulnerable to medium or high-severity attacks and that 98 percent of IoT traffic is unencrypted, leaving data on the network vulnerable to attacks. In 2020, IoT devices were responsible for nearly 33 percent of infections detected in mobile networks, up from 16 percent the year before, according to Nokia's Threat Intelligence Report. 



    The trend is expected to continue as people purchase more connected devices, which can often be less secure than enterprise-level equipment or even regular PCs, laptops, or smartphones. Many IoT devices were created with security as an afterthought, especially in the early phases of the technology. Due to a lack of awareness and concern, users never changed the default passwords and often skipped manual security updates. 



    As a result, businesses and internet providers are starting to offer solutions to protect home IoT devices. Service providers like xKPI have stepped in to solve the issue with software that learns the expected behavior of intelligent machines and picks up anomalies to alert users of any suspicious activity. These tools are working to mitigate the supply chain side risks through specialized security chips in their Chip-to-Cloud (3CS) security framework to establish a secure tunnel to the cloud.     



    Disruptive impact



    Aside from providing security software, Internet providers also require employees to use specific IoT devices that meet strict security standards. However, many businesses still feel unprepared to deal with the increased attack surface caused by remote work. A survey by AT&T found that 64 percent of companies in the Asia-Pacific region felt more vulnerable to attacks due to the increase in remote work. To address this issue, companies can implement measures such as virtual private networks (VPNs) and secure remote access solutions to protect company data and networks.



    Many IoT devices provide essential services, such as security cameras, smart thermostats, and medical devices. If these devices are hacked, it can disrupt these services and potentially have serious consequences, such as risking people's safety. Companies in these sectors may likely take additional measures like training workforces and specifying security requirements within their remote work policy. 



    Installing separate Internet Service Provider (ISP) lines for home and work connections may also become more common. Manufacturers of IoT devices will have to maintain their market position by developing and providing visibility and transparency into security features. More service providers can also be expected to step in by developing more advanced fraud detection systems using machine learning and artificial intelligence.



    Implications of IoT hacking and remote work 



    Wider implications of IoT hacking in the remote work context may include:




    • Increasing incidents of data breaches, including employee information and access to sensitive corporate information.

    • Companies creating more resilient workforces through increased cybersecurity training.

    • More companies reconsidering their remote work policies for employees operating with sensitive data and systems. One alternative is that organizations may invest in greater automation of sensitive work tasks to minimize the need for workers to interface with sensitive data/systems remotely. 

    • Firms offering essential services increasingly becoming the target for cybercriminals as disruption of these services can have greater consequences than usual.

    • Increasing legal costs from IoT hacking, including notifying customers of data breaches.

    • Cybersecurity providers focusing on a suite of measures for IoT devices and remote workforces.



    Questions to comment on




    • If you are remotely working, what are some cybersecurity measures your company implements?

    • How else do you think cybercriminals will take advantage of increasing remote work and interconnected devices?


    Insight references

    The following popular and institutional links were referenced for this insight: