Content, Security Program Controls/Technologies, IoT

FBI: IoT Devices May Expose Businesses, Consumers to Cyber Exploitation

Common Internet of Things (IoT) devices may expose businesses and consumers to cyber exploitation, according to an updated FBI alert.

Unsecured or poorly secured IoT devices enable cybercriminals to access private networks and the devices and information attached to these networks, the FBI said in a public service announcement. Furthermore, cybercriminals often take advantage of default usernames and passwords to link IoT devices to form botnets and launch distributed denial of service (DDoS) attacks against websites or networks.

A compromised IoT device enables cybercriminals to launch attacks on systems or networks, send spam emails and steal personal information, the FBI stated. Fortunately, the FBI offered the following recommendations to help businesses and consumers safeguard their IoT devices against cyberattacks:

  • Update an IoT device's default username and password regularly. When creating a password, it is important to avoid using common words and simple phrases and include a combination of uppercase and lowercase letters, numbers and symbols.
  • Set up an IoT device on its own network.
  • Use network firewalls to prevent traffic from unauthorized IP addresses.
  • When possible, apply an IoT device manufacturer's security recommendations.
  • Search for IoT devices from manufacturers with a proven record of providing secure products and find out when data is collected and stored on these devices.
  • Keep all IoT device software up to date and apply security patches as needed.
  • Deploy a router that delivers security and authentication capabilities.

Expect the push for IoT devices to continue in the foreseeable future.

Approximately 8.4 billion connected "things" will be in use this year, technology research firm Gartner said in a prepared statement. In addition, the number of connected things could reach 20.4 billion by 2020, Gartner stated.

Should MSSPs Invest in the IoT Security Market?

As the push for connected devices increases, more opportunities may become available for MSSPs in the IoT security market. Thus, investing in the IoT security market today may help MSSPs differentiate themselves in a highly competitive managed security services segment for years to come.

Worldwide spending on IoT security is expected to reach $547 billion in 2018, according to Gartner. Also, Gartner has predicted more than 25 percent of identified attacks in enterprises will involve the IoT by 2020.

MSSPs that deliver cloud-based security services may be better equipped than others to capitalize on the rising demand for IoT devices, Gartner Research Director Ruggero Contu said in a prepared statement. With cloud-based security services for IoT devices, MSSPs can deliver "an acceptable level of operation for many organizations in a cost-effective manner," Contu noted.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.