IoT security in danger of being ignored, says Trend Micro
Security in Internet of Things (IoT) devices has been highlighted by the recent Mirai and Dyn botnet attacks - and Trend Micro says that most of those devices come with preset, easy passwords and with security features left inactive.
Organisations that install the technology also suffer by never using hardened configurations, which leaves significant holes for hackers to exploit, Trend Micro says.
Trend Micro says that organisations shouldn't be dissuaded from using IoT technology, as it is opening up a vast space for data collection and consumer convenience.
IoT security will improve, but organisations must take steps to protect their hardware from attacks - and data privacy issues. It will require management, but the outcome will be worth it, the company says.
Trend Micro says that configuring every single sensor, or creating a firewall for a coffee maker, is a mission, which is why most organisations fail to configure devices correctly and leave the standard authorisations unchanged.
However, everything must be configured so that attackers are left with no holes to exploit. Data breach systems can detect unusual behaviour in networks, which also helps to spot malicious access to IoT devices, Trend Micro says.
Organisations must address how IoT devices collect information, and how they use and disclose it. There should also be clear rules about how user data is secured and deleted. Without such rules, systems and data could be at risk if attackers get in.
Unsecured IoT devices allow attackers to get in and then execute much bigger attacks. The Dyn DDoS attacks took down Netflix, Twitter and Spotify through unsecured IoT devices such as cameras, routers, DVRs and other household appliances, Trend Micro says.
The company also cites hacker tools such as Shodan, which can be used to search for exposed cyber assets and obtain each device's IP address, application and firmware versions.
Trend Micro says that organisations must configure their devices correctly for their specific organisation's requirements. Use passwords that are complex and difficult for hackers to guess. Data breach systems will also trigger an alert for any malicious access to IoT devices.