The Internet of Things Presents Unaddressed Cybersecurity Vulnerabilities

By Adam C. Uzialko, B2B Staff Writer – Business News Daily

The Internet of Things is a powerful tool that grants organizations access into granular data, which helps to improve productivity, efficiency and informed decision making. However, implementing an IoT system, in which dozens or even hundreds of new connected devices gain access to your network, carries with it increased security risks. After all, more potential points of entry increase the attack vector for would be hackers.

So, how can your business reap the benefits of the IoT without befalling serious harm? With so many threats out there – from ransomware to malware and beyond – security is imperative. Business News Daily spoke to several experts about the problems facing IoT cybersecurity today and how best to move forward.

Rather than a monolithic system, IoT is a fabric of disparate devices connecting with one another to work together, as the name suggests. Historically, organizations have implemented IoT in a bid to reap the enormous benefits the technology promises; however, there was often little regard for security, and as the network of connected things proliferated, so too did the security risks.

“For a long time … the IoT push was just to connect the unconnected,” said Matt Morris, ‎VP of strategy, products and marketing for NexDefense. “So, people started to incorporate more and more of these systems, bringing in manufacturing plants, oil rigs, utility substations and so on. In their push to get things connected, they failed to solve the issue of security.”

Today, most companies understand that secured connectivity is the true value of IoT and are working to protect themselves, especially in the wake of high profile attacks like Shamoon, which impacted Saudi Aramco and sent shockwaves through the oil and gas industry, or the more recent Wannacry ransomware attack that impacted companies all over the world. In some ways, though, Morris said, security efforts that emanate from boards of directors are misguided.

Many companies are trying to apply IT security solutions in operational environments, such as the manufacturing industry or for oil and gas production. The trouble with this, according to Morris, is that the two are very different animals – companies then think they’re protected when their security still has holes in it.

Utilizing typical IT solutions in an operational or industrial environment, such as a manufacturing plant, can have dire consequences. Scanning systems, for example, can cause essential features to shut down, like safety features that protect humans working alongside robots on a production line. At worst, serious harm could befall employees. But even if this worst-case scenario doesn’t come true, you’re still looking at a slowdown in production, Morris said.

“The type of security needed to protect manufacturing lines, oil rigs, newer tech,” he added. “There … is technology out there that is purpose built for these environments. If … companies are aware and invest and implement, they can actually strengthen the IT security they are using today that they think is protecting them but really is not.”

Many security vulnerabilities can be mitigated by establishing a policy based on best practices and disseminating these policies to employees. Protecting credentials and restricting access to the network are major ways a company can protect itself from outside threats.

“The greatest challenge I see among all our clients is a lack of standards and governance in the way they will support and provide access and control measures to all these devices,” said Mike Sanchez, CISO of UDT. “There’s not a clear strategy in terms of who has access, which group and why. Generally, what I see is they do these blanket rules and policies allowing most devices to connect merely just by basic configuration settings to access things like emails and share files or folders on the company network.”

Sanchez said establishing directives regarding “bring your own device” (BYOD) policies, network access, and how employees interact with others through channels like email can help insulate the organization from would-be attackers. It’s also wise to prioritize the assets that you truly depend on, rather than taking a one-size fits all approach.

“Over and over again, I see people trying to protect things that don’t have a big impact to organization,” Sanchez said. “It all comes down to governance, frameworks and standards. Doing these basic things, whether it’s an IoT device, legacy systems or remote PC, the fundamentals still remain. There isn’t a magic bullet that’s going to address this challenge from a tech standpoint.”

Some of the security challenges of IoT are out of the organization’s hands. Manufacturers can build-in better security protections to their products on the device level. Many have moved to improve their products already, and security will continue to become a bigger sticking point as IoT continues to proliferate.

“Manufacturers and vendors of these devices need to do their part as well in the chip sense, and how they build these devices,” Sanchez said. “Attackers use basic methods in attack vectors and manufacturers need to account for any type of attack.”

Often, a major motivation is creating a seamless, intuitive user interface, but this can also compromise security if overdone, Sanchez said. Tightening things up without sacrificing an acceptable amount of user friendliness will be the challenge software developers and device manufacturers face in the future.

“There’s always a balance we strike between user interface accessibility and security,” Sanchez said. “We’re always struggling against those two points and how to provide or mitigate the risk at the best possible UI experience.”

The IoT security issue isn’t going to be solved overnight. It’s going to take years of learning new behaviors, implementing new defenses, and upgrading technology to combat the threats. And even then, new attacks will develop and new defenses will rise to meet them.

“It’s a challenge that will be around for a while, I think, given the magnitude of the different areas you have to deal with and address, Sanchez said. “Companies are really struggling in the way that they define the strategy for their own infrastructure and legacy systems.”

But security challenges shouldn’t scare organizations away from IoT, Morris said. The benefits the technology offers are very real, and if the hurdles surrounding security could be overcome there’s no telling what these connected environments can help us achieve.

“If … that awareness doesn’t get out there and get [security] implemented the way it needs to, I don’t think we’ll ever see IoT reach its full fruition that everyone really wants it to,” Morris said. “But if that can be solved, then I think sky’s the limit in terms of what can be achieved.”

Accomplish More With UDT

Get your custom solution in cybersecurity, lifecycle management, digital transformation and managed IT services. Connect with our team today.

More to explore

Rethinking Cybersecurity: 4 Strategies to Protect Your Business

Discover how to shift your focus to safeguarding raw data in order to strengthen your security infrastructure and protect your business with these 4 strategies.

Your Guide To E-Rate 2023-2024: Application Timeline, Eligibility, and More

As COVID relief funding sunsets next September 2024, the Federal Communications Commission’s (FCC) annual E-Rate Program will become increasingly important for schools and libraries seeking to refresh and maintain their technology stack.

Switching to Windows 11? Then It’s Time To Upgrade Your Devices

Leverage the Windows 11 upgrade to refresh your devices. Discover 4 reasons why a full-coverage lifecycle management solution is key to long-term success.

Improve Remote Work Efficiency and Security With Endpoint Managed Lifecycle

Discover the benefits of Endpoint Managed Lifecycle, which include enhancements to your IT performance and security in remote work setups.

Your Business Needs To Make The Switch to Windows 11—Here’s Why

Technology drives business performance. Delve into why transitioning early to Windows 11 is smart for your business and how it can raise your competitive edge.

5 Reasons Why Every Business Needs A Managed IT Services Provider

Discover the ways Managed IT Services can optimize your business processes, foster sustainable growth, and ensure future readiness.

Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:


  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.

Just one more step

Please fill out the following form,