If it's easy for you, it's a piece of cake for them

Understanding the rising impact of IoT-specific malware

Carol Evenson

A silhouette of a hacker image via Shutterstock

There is no denying that the world is becoming more connected than ever. From smartphones to smart thermostats that know when you’re at home and smart pet food dispensers that you can activate as long as there’s internet connection, everything seems to be getting, well… smarter.

It seems like everything we use these days can communicate with everything else. The Nest thermostat can connect with a carbon monoxide detector that will turn off the furnace if it detects a leak since the furnace is the first suspect when there’s a CO leak. Samsung offers a refrigerator with cameras inside that can stream to a smartphone to let you know exactly what food you have available so you can plan dinner before you even get home. Amazon has created the Dash, a device that you can either speak directly into or scan a barcode to immediately add items to your online shopping cart. Anywhere you look, you can find a connection to the internet.

However, this new convenience comes at a price. Each device you use to access the internet and connect with other devices is a potential access point into your network, and so it is crucial to set up safeguards to protect against intrusion.

According to a report from Cisco, “the growth of IoT-specific malware, even when designed for a targeted attack, often employ self-propagating infection techniques. As such, even unintended targets are often compromised.” This means that just because a user believes he has nothing that anyone might want to steal, they may still be vulnerable. Particularly as remote access grows as a popular feature of IoT devices and services, many incidents reveal that remote access is the primary attack method.

The first target may not be the end goal

As organizations work to protect their networks from hackers and malware, cyber criminals are searching for roundabout ways to get past those defenses. Blue Coat Systems describes the 2014 Home Depot breach, mentioning that their initial point of entry came from stealing login information for one of Home Depot’s third-party vendors, then using that access to enable additional access and insert customized malware into the system.

According to Gartner, 6.4 billion devices are expected to be connected to the internet by the end of this year, with an additional 5.5 million devices connecting each day. Each of these devices could be a point of entry for malware, which can then infect other devices. Employees can bring their infected device inside the firewall, providing the cyber criminals access to much more sensitive information and systems.

So what should you do?

In spite of the growing threat, there are several things companies can do to protect themselves. The first step is to build a strong firewall with strong intrusion prevention. In case of a breach, create an emergency response plan. As IoT develops and becomes mainstream, stay up to date with security standards as they arise. Use two-factor authentication in suitable areas, and keep your software up to date. New software versions may include security patches as software providers discover and take care of gaps in security.

The world is becoming more connected, and as it becomes easier for you to access your data and devices, it becomes easier for others as well. However, keep in mind that it is possible to enjoy the convenience IoT products offer while still keeping your data and systems secure.

Carol Evenson
Carol Evenson is a business consultant specializing in data security and information management. She has worked with Fortune 1000 companies and currently assists organizations within the US and UK.

Inline Feedbacks
View all comments