Story image

IoT security in danger of being ignored, says Trend Micro

05 Apr 2017

Security in Internet of Things (IoT) devices has been highlighted by the recent Mirai and Dyn botnet attacks - and Trend Micro says that most of those devices come with preset, easy passwords and inactivated security.

Organisations that install the technology also suffer by not ever using reinforced configurations, which means hackers can exploit significant holes, Trend Micro says.

Trend Micro says that organisations shouldn’t be dissuaded from using IoT technology, as it is opening up a vast space for data collection and consumer convenience. 

IoT security will improve, but organisations must take steps to protect their hardware from attacks - and data privacy issues. It will require management, but the outcome will be worth it, the company says.

Trend Micro says that configuring every single sensor or creating a firewall for their coffee maker is a mission, which is why most organisations fail to correctly configure devices without changing standard authorisations. 

However, everything must be configured so that attackers are left with no possible exploit holes. Data breach systems can detect unusual behaviour in networks, which also helps to spot malicious access in IoT devices, Trend Micro says.

Organisations must address how IoT devices collect, use and disclose information they connect. In addition, there should also be clear rules about how user data is secured and deleted. If there are no rules, it means systems and data could be at risk if attackers get in.

Unsecured IoT devices allow attackers to get in and then execute much bigger attacks. The Dyn DDoS attacks took down Netflix, Twitter and Spotify through unsecured IoT devices such as cameras, routers, DVRs and other household appliances, Trend Micro says.

The company also cites hacker tools such as Shodan, which can be used to search for exposed cyber assets and gain each device’s IP address, application and firmware versions.

Trend Micro says that organisations must configure their devices correctly for their specific organisation’s requirements. Use passwords that are complex and difficult for hackers to guess. Data breach systems will also trigger an alert for any malicious access to IoT devices.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.