Story image

IoT security in danger of being ignored, says Trend Micro

05 Apr 17

Security in Internet of Things (IoT) devices has been highlighted by the recent Mirai and Dyn botnet attacks - and Trend Micro says that most of those devices come with preset, easy passwords and inactivated security.

Organisations that install the technology also suffer by not ever using reinforced configurations, which means hackers can exploit significant holes, Trend Micro says.

Trend Micro says that organisations shouldn’t be dissuaded from using IoT technology, as it is opening up a vast space for data collection and consumer convenience. 

IoT security will improve, but organisations must take steps to protect their hardware from attacks - and data privacy issues. It will require management, but the outcome will be worth it, the company says.

Trend Micro says that configuring every single sensor or creating a firewall for their coffee maker is a mission, which is why most organisations fail to correctly configure devices without changing standard authorisations. 

However, everything must be configured so that attackers are left with no possible exploit holes. Data breach systems can detect unusual behaviour in networks, which also helps to spot malicious access in IoT devices, Trend Micro says.

Organisations must address how IoT devices collect, use and disclose information they connect. In addition, there should also be clear rules about how user data is secured and deleted. If there are no rules, it means systems and data could be at risk if attackers get in.

Unsecured IoT devices allow attackers to get in and then execute much bigger attacks. The Dyn DDoS attacks took down Netflix, Twitter and Spotify through unsecured IoT devices such as cameras, routers, DVRs and other household appliances, Trend Micro says.

The company also cites hacker tools such as Shodan, which can be used to search for exposed cyber assets and gain each device’s IP address, application and firmware versions.

Trend Micro says that organisations must configure their devices correctly for their specific organisation’s requirements. Use passwords that are complex and difficult for hackers to guess. Data breach systems will also trigger an alert for any malicious access to IoT devices.

Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).